Custom Authentication along with Integrated Windows Authentication
I am using Integrated Windows Authentication in my application so domain users alone can access the application. After this step, I am doing some additional authentication to check whether that domain user is permitted to access the application (domain user will be added in a database table). To achieve this, I am doing it in the following way. Is this the best practice? Please advise.

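    using System.Web;
    using System.Web.Mvc;

    public class CCUKAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Result of the built-in check (request authenticated by Windows Authentication)
            var isAuthorized = base.AuthorizeCore(httpContext);
            var isUserAddedinDB = true; //Code to check whether user is added in DB
            // Both checks must pass before access is granted
            return isAuthorized && isUserAddedinDB;
        }
    }
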
What you are trying to do is first check authentication and then check for an authorization rule (can he access the application). I guess this is a one-time check which happens only during the first-time authentication process. In that case you had better separate that logic into a different method (Separation of Concerns).

Generally in an MVC application, if you need to do a custom authorization check, I would recommend doing the authorization check by overriding the "Authorize" attribute (example).
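
An added example, not part of the original answer: one way to write the attribute so that the database check runs only after the Windows-authenticated check succeeds, and an authenticated user who is not listed receives 403 rather than a fresh 401 challenge. `IAllowedUserStore`, `InMemoryAllowedUserStore`, `AllowedDomainUserAttribute` and the `EXAMPLE\alice` entry are hypothetical names constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Web;
using System.Web.Mvc;

// Hypothetical lookup; in the question this is a database table of permitted domain users.
public interface IAllowedUserStore
{
    bool IsAllowed(string domainUser);
}

// Constructed in-memory stand-in so the example compiles without a database.
public class InMemoryAllowedUserStore : IAllowedUserStore
{
    // Windows account names are case-insensitive, so compare accordingly.
    private readonly HashSet<string> _users =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { @"EXAMPLE\alice" };

    public bool IsAllowed(string domainUser)
    {
        return !string.IsNullOrEmpty(domainUser) && _users.Contains(domainUser);
    }
}

public class AllowedDomainUserAttribute : AuthorizeAttribute
{
    // Assumption: a real application would resolve this from its DI container.
    public static IAllowedUserStore Store = new InMemoryAllowedUserStore();

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Fail closed: the store is consulted only for an identity that has
        // already passed the built-in (Windows-authenticated) check.
        if (!base.AuthorizeCore(httpContext))
            return false;
        return Store.IsAllowed(httpContext.User.Identity.Name);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // An authenticated but unlisted user gets 403; a 401 would start another
        // Negotiate/NTLM challenge and a credential prompt in the browser.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden, "Not permitted");
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

`AuthorizeCore` runs on every request to a decorated controller or action, so a real store lookup should be cheap or cached.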