0

I currently have code in the Login action so that when the user logs in, it pulls some data from the database and stores it in a Session variable.

public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);
    switch (result)
    {
        case SignInStatus.Success:
            {
                using (var db = new somedbContext())
                {
                    // do some query here

                    System.Web.HttpContext.Current.Session["userDepartment"] = departmentID;
                }

                return RedirectToLocal(returnUrl);
            }
        default:
            // The other SignInStatus cases are not shown in the post;
            // every code path has to return a result for this to compile.
            return View(model);
    }
}

This works just fine if the user actually goes through the Login process. However, if the user "logs in" by other means, such as a cookie (via Remember Me), credentials saved by some browsers, or a third-party login, etc., this will not work anymore.

Where should I write the code that assigns the value to the Session so that, regardless of where the user logs in from, it goes through that code?

2
  • This kind of stuff is why I just like to avoid using the session altogether. Commented Jan 29, 2015 at 17:40
  • Agreed, @emodendroket. It's especially thorny if you're using clusters. Maybe you ought to post an answer (maybe one already exists) for alternative approaches. Commented Jan 29, 2015 at 18:15

1 Answer

4

You can put the logic to lazy-initialize that session variable in a global filter based on IAuthorizationFilter.

The filter could be something like this:

// Requires: using System; using System.Web.Mvc;
public class SetDepartmentFilter : IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var userInfo = GetUserInfo(filterContext);
        if (userInfo.IsAuthorized)
        {
            // Same key the Login action in the question writes to.
            filterContext.HttpContext.Session["userDepartment"] = userInfo.Department;
        }
    }

    private UserInfo GetUserInfo(AuthorizationContext filterContext)
    {
        // TODO: see if authorized, get department, etc.
        throw new NotImplementedException(); // placeholder until the TODO is filled in
    }
}

Somewhere in your application startup:

GlobalFilters.Filters.Add(new SetDepartmentFilter());

4 Comments

Can you please elaborate a little bit more?
Do you have any link/tutorial on how to implement this?
How do I check if the user is Authorized? I cannot access any of the methods such as User.Identity.GetUserId etc.
You can get most of what you need from filterContext.HttpContext, for example, filterContext.HttpContext.User. You'll need to make sure this filter runs after whatever process establishes the user.
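
An added example, not part of the original answer or its comments: one way to write such a filter so the cached department is tied to the identity it was loaded for, since ASP.NET session state and the sign-in cookie expire and change independently of each other. `IDepartmentLookup`, `SessionDepartmentFilter` and the `userDepartmentOwner` key are hypothetical names introduced here, and the department value is typed as `object` because the question does not show its type.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical abstraction for the "do some query here" step in the question.
public interface IDepartmentLookup
{
    object GetDepartmentId(string userName);
}

public class SessionDepartmentFilter : IAuthorizationFilter
{
    private const string DepartmentKey = "userDepartment";   // key from the question
    private const string OwnerKey = "userDepartmentOwner";   // constructed key name
    private readonly IDepartmentLookup _lookup;

    public SessionDepartmentFilter(IDepartmentLookup lookup)
    {
        if (lookup == null) throw new ArgumentNullException("lookup");
        _lookup = lookup;
    }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        HttpContextBase http = filterContext.HttpContext;
        HttpSessionStateBase session = http.Session;
        if (session == null) return; // session state is disabled for this request

        var user = http.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            // Anonymous request: drop values cached for an earlier sign-in.
            session.Remove(DepartmentKey);
            session.Remove(OwnerKey);
            return;
        }

        string name = user.Identity.Name;
        bool cachedForThisUser = session[DepartmentKey] != null
            && string.Equals(session[OwnerKey] as string, name, StringComparison.Ordinal);
        if (cachedForThisUser) return; // already initialized for this identity

        // Reached for form, remember-me cookie and external sign-ins alike.
        session[DepartmentKey] = _lookup.GetDepartmentId(name);
        session[OwnerKey] = name;
    }
}
```

It is registered the same way as the answer's filter, by passing an instance to `GlobalFilters.Filters.Add` at application startup.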
