ASP.NET MVC and Windows Authentication with custom roles

by

Just create a new principal and assign it to the user and thread in Global.asax (or use an action filter).

protected void Application_AuthenticateRequest(object sender, EventArgs args)
{
  if(HttpContext.Current != null)
  {
     String [] roles = GetRolesFromSomeDataTable(HttpContext.Current.User.Identity.Name);

     GenericPrincipal principal = new GenericPrincipal(HttpContext.Current.User.Identity, roles);

     Thread.CurrentPrincipal = HttpContext.Current.User = principal;
  }
}

If a user doesn’t have any role that matches, they can be barred from the app using the web.config authoirzation element:

<authorization>
  <allow roles="blah,whatever"/>
  <deny users="*"/>               
</authorization>

More Related Contents:

  1. A potentially dangerous Request.Form value was detected from the client
  2. ASP.NET MVC – Set custom IIdentity or IPrincipal
  3. Can the ViewBag name be the same as the Model property name in a DropDownList?
  4. Compile Views in ASP.NET MVC
  5. Returning binary file from controller in ASP.NET Web API
  6. How to assign Profile values?
  7. How to add “active” class to Html.ActionLink in ASP.NET MVC
  8. Routing for custom ASP.NET MVC 404 Error page
  9. ASP.NET Bundles how to disable minification
  10. How and where to call Database.EnsureCreated and Database.Migrate?
  11. IIS URL Rewriting vs URL Routing
  12. @Html.DisplayFor – DateFormat (“mm/dd/yyyy”)
  13. MemoryCache Empty : Returns null after being set
  14. Context menu to Add Controller/View missing
  15. The type initializer for ‘System.Data.Entity.Internal.AppConfig’ threw an exception
  16. How do you avoid XSS vulnerabilities in ASP.Net (MVC)?
  17. How to allow internal MVC Web Api from external site outside the network
  18. Display a view from another controller in ASP.NET MVC
  19. Log4net does not write the log in the log file
  20. How to return raw string with ApiController?
  21. asp.net mvc Adding to the AUTHORIZE attribute
  22. Serving favicon.ico in ASP.NET MVC
  23. ASP.NET MVC ViewModel Pattern
  24. double escape sequence inside a url : The request filtering module is configured to deny a request that contains a double escape sequence
  25. ASP.NET MVC Performance
  26. Data Annotations for validation, at least one required field?
  27. What is the proper way to send an HTTP 404 response from an ASP.NET MVC action?
  28. I am getting a blank page while deploying MVC application on IIS
  29. Getting the GUID of the current user?
  30. Different users get the same cookie – value in .ASPXANONYMOUS

Leave a Comment