AuthorizeAttribute v Application_AuthenticateRequest

Question

AuthorizeAttribute v Application_AuthenticateRequest

We want to allow users, and if they are authorized, we want to add their roles and permissions to the user and add this to the IPrinciple

We have two ways to do this: do it in global.asax Application_AuthenticateRequest another, to create an attribute that inherits from AuthorizeAttribute

Is there any brilliant good choice here?

+6

c # asp.net-mvc asp.net-mvc-3

iwayneo Jan 12 '12 at 14:57

source share

1 answer

Darin Dimitrov · Accepted Answer · 2012-01-12T15:00:47+0000

In ASP.NET MVC, you should select a custom authorize attribute. If, on the other hand, you want this code to be reused with classic ASP.NET applications, you can use Application_AuthenticateRequest or write a custom HttpModule and use the AuthenticateRequest event.

AuthorizeAttribute v Application_AuthenticateRequest

More articles: