Custom IIdentity - where does it belong in a multi-layer application?

Question

Given a 3-layer architecture:

Domain Logic Layer
Data Access Layer
User Interface Layer (ASP.NET MVC web app)

What is the correct location for placing the logic related to constructing a custom user identity, adding custom Claims, and signing it into the web application?

For example, logic like this:

if (something)
    customClaim = new Claim("MyClaimType1", "SomeClaimValue");
else
    customClaim = new Claim("MyClaimType2", "AnotherClaimValue");

customClaimsIdentity.AddClaim(customClaim);
HttpContext.Current.GetOwinContext().Authentication.SignIn(customClaimsIdentity);

I want to say the UI layer, but isn't the custom logic (i.e. custom user) something of a domain thing? Little confused here...

score 1 · Answer 1 · answered Jul 15 '16 at 15:57

What you are describing is a security cross-cutting concern usually associated with ASP.NET MVC and is usually implemented as an action filter. Based on that then the code you displayed, which also makes direct use of the HttpContext should be in the User Interface Layer (ASP.NET MVC web app).

Custom IIdentity - where does it belong in a multi-layer application?

1 Answers1