Custom Authentication along with Integrated Windows Authentication
Question
I am using Integrated Windows Authentication in my application so domain users alone can access the application.
After this step, I am doing some additional authentication to check whether that domain user is permitted to access the application (domain user will be added in a database table).
To achieve this, I am doing in the following way. Is this the best practice?? Please advise.
public class CCUKAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var isAuthorized = base.AuthorizeCore(httpContext);
var isUserAddedinDB = true; //Code to check whether user is added in DB
return isUserAddedinDB;
}
}
1 answers
solution1
0 ACCPTED 2016-04-04 09:50:37
What you are trying to do is first check authentication and then check for an authorization rule(can he access application). I guess this is a onetime check which happens only during the first time authentication process. In that case you better separate that logic into a different method (Separation of Concerns).
Generally in a MVC application if you need to do a custom Authorization check, I would recommend to do Authorization check by overriding "Authorize" attribute ( example ).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.