4

I have a couple of tables in my database that specify which users (depending on your AD username) can actually use the current ASP.NET MVC 2 app I'm building.

My question is how (or more likely where do I put it? On the master page?) do I write a method that gets the AD user out of the HTTP context and validates it against the database to see if you can actually use the app? If you can, the idea is to write a couple of keys in the Session object with the information I need (role, full name, etc.).

I'm quite confused regarding how I should accomplish this and if it's actually the right way... Keep in mind that I have an admin section and non-admin section in my app.

Any thoughts?

Edit: Keep in mind that I do not care to authenticate the user through a form. All I want to check is whether, according to my database and your AD username, you can use my app. If you can, write to session in order to persist the information I need. Otherwise just throw an error page.

This is what I've implemented so far; is this the way to go? What's the second method for? (I'm sorry, I'm kind of new to C#.) What I want to do is actually throw a view if you're not authorized...

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
  // base.AuthorizeCore checks that the (Windows) identity is authenticated
  // and satisfies any Users/Roles set on the attribute
  var isAuthorized = base.AuthorizeCore(httpContext);
  if (isAuthorized)
  {
    // _userRepo is the repository that queries the allowed-users tables;
    // Identity.Name is "DOMAIN\user" under Windows authentication
    var canUse = this._userRepo.CanUserUseApp(httpContext.User.Identity.Name);
    if (!canUse)
    {
      isAuthorized = false;
    }
  }
  return isAuthorized;
}

2 Answers

4

You could activate and use Windows (NTLM) authentication and then write a custom [Authorize] attribute where you could fetch the currently connected AD user and perform the additional check of whether he is authorized or not to use the application against your data store. Then you would decorate controllers/actions that require authorization with this custom attribute.


UPDATE:

Here's an example of what such a custom attribute might look like:

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (isAuthorized)
        {
            // The user is authorized so far => check his credentials against
            // the custom data store 
            return IsUserAllowedAccess(httpContext.User.Identity.Name);
        }
        return isAuthorized;
    }

    private bool IsUserAllowedAccess(string username)
    {
        throw new NotImplementedException();
    }
}

and then:

[MyAuthorize]
public class FooController: Controller
{
    public ActionResult Index()
    {
        ...
    }
}

7 Comments

I have it activated and the HTTP context is being filled with the correct information. What I need to know is how to write a custom [Authorize] method... Perhaps you can point me to some information or guide that explains this?
@Darin thank you so much, would you care to provide a little bit more feedback?
@Gotjosh, feedback for what? What issues are you having?
@Gotjosh, I don't understand what second method you are talking about in your updated question. So if I understand you correctly you want to render some custom view instead of ... (what happens currently and how does it differ from what you expect as a result)?
The IsUserAllowedAccess method where you're actually throwing an exception.
0

Create a class called AdminsAttribute with this code:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AdminsAttribute : AuthorizeAttribute
{
    public AdminsAttribute()
    {
        // Windows group names; base.AuthorizeCore checks them through IPrincipal.IsInRole
        this.Roles = "MSH\\GRP_Level1,MSH\\Grp_Level2";
    }
}

public class HomeController : Controller
{
    [Admins]
    public ActionResult Level1()
    {
        // ViewBag needs MVC 3; on MVC 2 use ViewData["Message"] instead
        ViewBag.Message = "Welcome to ASP.NET MVC!";

        return View();
    }
}

1 Comment

Good luck, and enable NTLM authentication: msdn.microsoft.com/en-us/library/gg703322(v=vs.98).aspx
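Putting both answers together, here is an added example (not code from either answer or from the asker) of a custom AuthorizeAttribute that takes the Windows identity from the HTTP context, checks it against the database tables the question describes, caches role and full name in Session, and renders a view instead of the default 401 when the user is not allowed in. The AppUser model, the IAppUserRepository interface, the InMemoryAppUserRepository with its two constructed accounts, the RepositoryFactory hook and the "NotAuthorized" view name are all assumptions made for the example; a real repository would query the question's tables.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;

// Hypothetical model for a row in the question's allowed-users tables.
public class AppUser
{
    public string AdUsername { get; set; }   // "DOMAIN\user", exactly as Windows auth reports it
    public string FullName { get; set; }
    public string Role { get; set; }         // e.g. "Admin" or "User"
}

// Hypothetical repository abstraction; the real one would query the database.
public interface IAppUserRepository
{
    AppUser FindByAdUsername(string adUsername);   // null when the account is not allowed in
}

// Constructed in-memory repository so the example is self-contained.
public class InMemoryAppUserRepository : IAppUserRepository
{
    private static readonly Dictionary<string, AppUser> Users =
        new Dictionary<string, AppUser>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CORP\alice", new AppUser { AdUsername = @"CORP\alice", FullName = "Alice Example", Role = "Admin" } },
            { @"CORP\bob",   new AppUser { AdUsername = @"CORP\bob",   FullName = "Bob Example",   Role = "User"  } },
        };

    public AppUser FindByAdUsername(string adUsername)
    {
        AppUser user;
        return Users.TryGetValue(adUsername ?? string.Empty, out user) ? user : null;
    }
}

public class DbAuthorizeAttribute : AuthorizeAttribute
{
    // Assigned once in Application_Start; MVC 2 has no DependencyResolver, so a factory is the simplest hook.
    public static Func<IAppUserRepository> RepositoryFactory = () => new InMemoryAppUserRepository();

    public const string SessionKey = "AppUser";

    // Optional: restrict the admin section to one database role.
    public string RequiredRole { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check covers IsAuthenticated plus any Users/Roles set on the attribute;
        // Roles = @"DOMAIN\Group" (as in the second answer) is tested against the Windows token, not the database.
        if (!base.AuthorizeCore(httpContext))
            return false;

        string adUsername = httpContext.User.Identity.Name;

        // Reuse the Session copy only if it belongs to the same account; otherwise hit the repository.
        var cached = httpContext.Session == null ? null : httpContext.Session[SessionKey] as AppUser;
        AppUser appUser = cached != null
            && string.Equals(cached.AdUsername, adUsername, StringComparison.OrdinalIgnoreCase)
            ? cached
            : RepositoryFactory().FindByAdUsername(adUsername);

        if (appUser == null)
            return false;   // authenticated by Windows, but not in the allowed-users table

        if (httpContext.Session != null)
        {
            httpContext.Session[SessionKey] = appUser;
            httpContext.Session["Role"] = appUser.Role;
            httpContext.Session["FullName"] = appUser.FullName;
        }

        return string.IsNullOrEmpty(RequiredRole)
            || string.Equals(appUser.Role, RequiredRole, StringComparison.OrdinalIgnoreCase);
    }

    // The default result is a 401, which under Windows auth makes the browser re-prompt for credentials.
    // The question wants a view instead, so return a 403 and render Views/Shared/NotAuthorized.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var response = filterContext.HttpContext.Response;
        response.StatusCode = 403;
        response.TrySkipIisCustomErrors = true;   // stop IIS replacing the body with its own error page
        filterContext.Result = new ViewResult { ViewName = "NotAuthorized" };
    }
}

[DbAuthorize]                          // non-admin section: any user present in the tables
public class HomeController : Controller
{
    public ActionResult Index() { return View(); }
}

[DbAuthorize(RequiredRole = "Admin")]  // admin section: database role must be "Admin"
public class AdminController : Controller
{
    public ActionResult Index() { return View(); }
}
```

Two things worth knowing before copying this. Overriding AuthorizeCore rather than OnAuthorization keeps the base class's output-cache validation callback intact, so a cached action is still re-authorized per user. And because the lookup result is cached in Session, removing a user's row from the tables does not lock them out until their session expires; if revocation has to take effect immediately, skip the Session short-cut and query the repository on every request.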
