0

  • We have closed system (Only authenticated users can use system (FormAuthentication))

  • Unauthenticated users must see entrance page with login option

  • Our site is multi-tenant (x.com,y.com,z.com runs on same web application)

We can think these:

  • RouteConstraint (anonymous users are routed to different controller action and that action is outputcached.

  • CustomOutputCaching: How to turn output caching off for authenticated users in ASP.NET MVC?

  • IIS level (on web.config maybe).Could we route all unauthenticated users to entrance page (we dont know how)(it must be multitenant and outputcached!)

We can think these. our first goal is Performance.

EDIT

When unauthenticated user try to enter authenticated page it has to get 404 error or root ur direction (not login redirection)

PS:

Sometimes we can get unauthenticated weird web requests (Not ddos but boring..) We are responding them with 404. There is no problem to serve our entrance page for this type of requests..(performance is first consideration for us)

Community
  • 1
  • 1
Oguz Karadenizli
  • 3,449
  • 6
  • 38
  • 73

1 Answers1

0

A simple login page should all you need, which a user will be redirected towards if attempting to access a page that requires authentication, marked with [Authorize]. The Login Actions for the page should [AllowAnonymous].

All you need to do is add this to web.config:

<system.web>
    <authentication mode="Forms">
        <forms loginUrl="~/Account/Login" requireSSL="true" cookieless="UseCookies"></forms>
    </authentication>
</system.web>

As for the cross-domain name authentication, that is a separate issue. I suggest selecting one to house your users, and use OAuth for the other domains. However, I will yield to others on that specific part.

James Haug
  • 1,426
  • 12
  • 27