ASP.NET External Authentication Services Integration

My ASP.NET webapp will be protected by a third-party agent (SM). SM will intercept every call to the webapp, authenticate the user as a valid system user, add some header info (e.g. username) and redirect it to my webapp. I then need to validate that the user is an active user of my website.

Currently I am authenticating the user by implementing the Application_AuthenticateRequest method in the Global.asax.cs file. I have a custom membership provider whose ValidateUser method checks if the user exists in the users table of my database.

Just wanted to get comments if this was a good approach or not.

    // Namespaces needed at the top of Global.asax.cs
    using System;
    using System.Security.Principal;
    using System.Threading;
    using System.Web;
    using System.Web.Security;

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // If the user is not already authenticated
        if (HttpContext.Current.User == null)
        {
            var smcred = ParseAuthorizationHeader(Request);
            // Validate that this user is an active user in the database via the custom membership provider
            if (Membership.ValidateUser(smcred.SMUser, null))
            {
                // Set cookie so the user is not re-validated on every call.
                FormsAuthentication.SetAuthCookie(smcred.SMUser, false);
                var identity = new GenericIdentity(smcred.SMUser);
                // todo: implement role provider, Roles.Provider.GetRolesForUser(smcred.SMUser);
                string[] roles = null;
                var principal = new GenericPrincipal(identity, roles);

                Thread.CurrentPrincipal = principal;
                if (HttpContext.Current != null)
                {
                    HttpContext.Current.User = principal;
                }
            }
        }
    }

    protected virtual SMCredentials ParseAuthorizationHeader(HttpRequest request)
    {
        string authHeader = null;
        var smcredential = new SMCredentials();
        // Here is where I will parse the request header for relevant tokens, e.g. username

        //return smcredential;
        // Mockup below for username henry
        return new SMCredentials() { SMUser = "henry", FirstName = "", LastName = "", EmailAddr = "" };
    }

I would go with the Attribute approach to keep it more MVC-like. It would also allow you more flexibility: you could potentially have different Membership Providers for different controllers/actions.
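
The attribute approach suggested in the answer could look like the following. This is an added example, not code from the original post: the class name SmAuthorizeAttribute, the SM_USER header name and the agent address list are assumptions, and it assumes the agent runs as a reverse proxy at a known address, so a header arriving from any other address is not trusted.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Added example: MVC authorization filter that accepts the agent's user header
// only from the agent's address, then checks the application's own user table.
public class SmAuthorizeAttribute : AuthorizeAttribute
{
    // Assumed values; replace with the header and addresses of your deployment.
    public string UserHeader { get; set; }
    public string TrustedAgentAddresses { get; set; }

    public SmAuthorizeAttribute()
    {
        UserHeader = "SM_USER";
        TrustedAgentAddresses = "127.0.0.1;::1";
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        var request = httpContext.Request;

        // A header is only meaningful if the agent wrote it: refuse other senders.
        var trusted = TrustedAgentAddresses.Split(';');
        if (!trusted.Contains(request.UserHostAddress, StringComparer.OrdinalIgnoreCase))
            return false;

        // Duplicate headers are joined with commas; treat that as invalid input.
        var userName = (request.Headers[UserHeader] ?? "").Trim();
        if (userName.Length == 0 || userName.Contains(","))
            return false;

        // Same check as in the question: the custom provider confirms an active user.
        if (!Membership.ValidateUser(userName, null))
            return false;

        // Role provider is still a todo in the question, so no roles are granted here.
        var identity = new GenericIdentity(userName, "SM");
        httpContext.User = new GenericPrincipal(identity, new string[0]);
        return base.AuthorizeCore(httpContext);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // The agent owns the login flow, so return 403 rather than a forms-login redirect.
        filterContext.Result = new HttpStatusCodeResult(403);
    }
}
```

Applied as `[SmAuthorize]` on a controller or action, the check runs per request; until a role provider exists, setting `Roles` on the attribute denies access because the principal carries no roles.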
