this is my scenario:
- I have a single page application powered by AngularJS and Web Api (ASP.NET MVC) for the backend
- I need to authenticate users based on LDAP and their "role" written on a database table (basically, users log in with their credentials, I look for their username in a table and see if they're good to go)
My issue is: how? Normally I would just put some [Authorize] here and there and let IIS handle the hassle of LDAP. Now however I need to make sure that only a subset of the users in the domain can access my pages (not only my web service!).
I wrote a filter so that only that subset of users can access the web service, but how can I allow \ deny access to static resources? (e.g. HTML pages).
If I do need to write a login page, how do I check against the LDAP? How do I set that user as authenticated?
Thank you!