简体繁体中英

How can I implement custom authentication/authorization in asp.net MVC without Identity?

原文 2017-10-13 09:53:42 6 1 c#/ asp.net/ asp.net-mvc/ security/ asp.net-mvc-5

I am working on a asp.net MVC 5-solution where I now need to implement authentication and authorization. The solution has a external service managing the "Heavy work" that will take the username and password on every request, and on successfull verification send back a token with the users permissions(roles) which should be matched against Attributes in the controller.

A request to the external service should be made on every request to my solution. How can I implement this in a simple way in my exising asp.net MVC 5-solution? I have looked at Identity and Owin but they feel overly bloated for what Im trying to achieve. I've also found some info about Forms auth, but it seems to be deprecated?

The workflow I have tried with is something like this:

A user request a controller. The controller is marked with an attribute like "Require(Roles="IT")". I implement the IauthenticationFilter and call my service in the OnAuthentication to verify the users request. From the return I will verify that the user is in fact who he says he is and also if he is permitted to enter the said action on said controller.

Any input is appreciated as I'm having a hard time finding solid info on how to implement a custom auth-solution. Is there any best practice?

Thanks!

1 answers

MVC builds upon ASP.NET's interfaces IPrincipal and IIdentity . If you implement these interfaces, you can tap into the existing [Authorize] / [AllowAnonymous] attribute functionality of MVC and only extend it if you need some functionality other than users/roles.

I won't repeat the implementation here - there are several posts about how to properly implement these interfaces (which should be set in the Application_PostAuthenticateRequest event in ASP.NET/MVC).

how to implement custom authorization asp.net core mvc

How to setup a custom authentication on asp.net mvc identity?

How to implement custom authentication in ASP.NET MVC 5

ASP .NET 4.7 MVC Authentication and Authorization Identity

How to implement permission based authorization in ASP.net core Identity?

How do I implement password reset with ASP.NET Identity for ASP.NET MVC 5.0?

Custom authentication and authorization in ASP.NET MVC5?

Authentication and Authorization without Entity Framework in ASP.NET 5 MVC 6

Custom Asp.net mvc 5 authentication without using Microsoft.AspNet.Identity.EntityFramework

ASP.NET Can't Implement Authentication/Authorization

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to implement custom authorization asp.net core mvc How to setup a custom authentication on asp.net mvc identity? How to implement custom authentication in ASP.NET MVC 5 ASP .NET 4.7 MVC Authentication and Authorization Identity How to implement permission based authorization in ASP.net core Identity? How do I implement password reset with ASP.NET Identity for ASP.NET MVC 5.0? Custom authentication and authorization in ASP.NET MVC5? Authentication and Authorization without Entity Framework in ASP.NET 5 MVC 6 Custom Asp.net mvc 5 authentication without using Microsoft.AspNet.Identity.EntityFramework ASP.NET Can't Implement Authentication/Authorization

Related Tags

How can I implement custom authentication/authorization in asp.net MVC without Identity?

Question

1 answers

solution1 3 2017-10-13 10:10:05

solution1
3 2017-10-13 10:10:05