
I am developing a new intranet MVC application that has Windows-based authentication and am trying to use an existing internal company authorization library that takes two input parameters of user ID and group and checks if the user belongs to the group and returns a bool value.

I want the authorization rules to be checked immediately after users are successfully authenticated using Windows AD and allow authorized users full access to the entire site. If they're not authorized, then take them to a custom error page and lock them out of all views of the page. I've read up on MVC role-based authentication but can't quite figure out how to implement it with a custom authorization library.

The way I'm doing it now is simply putting try catch blocks in every controller to authorize the user but this isn't very DRY and doesn't seem all that safe either. What is the correct MVC-way of achieving my result?

Thanks.


1 Answer

My preference is to use for authentication and authorization. By default identity uses its own tables and roles, but you can easily override the methods that use tables to use whatever you want.

after users are successfully authenticated using Windows AD

Simply derive your own version of SignInManager and override the PasswordSignInAsync. There are plenty of other ways (and more) to modify the Identity framework to authenticate through AD.

I want the authorization rules to be checked immediately after users are successfully authenticated

Simply using the AuthorizeAttribute on your methods or controllers will make sure all requests are valid.

existing internal company authorization library that takes two input parameters of user ID and group and checks if the user belongs to the group and returns a bool value.

You can also derive your own UserManager and RoleManager to check if a user is in a role.

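As an added example (not part of the answer above, and not the company library itself): a site-wide AuthorizeAttribute subclass for ASP.NET MVC 5 that calls the user-in-group check from the question through a hypothetical ICompanyAuthz wrapper and sends authenticated-but-unauthorized users to a custom error page, so no controller needs its own try/catch. The names ICompanyAuthz, IsMemberOf, the Error/Forbidden route and the group name "IntranetAppUsers" are assumptions.

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical wrapper for the company library from the question: true when user is in group.
public interface ICompanyAuthz { bool IsMemberOf(string userId, string group); }

// Site-wide filter: every request needs a Windows identity that is in the required group.
public class CompanyGroupAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string _group;
    private readonly ICompanyAuthz _authz;

    public CompanyGroupAuthorizeAttribute(string group, ICompanyAuthz authz)
    {
        _group = group;
        _authz = authz;
    }

    // Runs before every action. Unauthenticated users fail here as well.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var identity = httpContext.User?.Identity;
        if (identity == null || !identity.IsAuthenticated) return false;
        // With Windows auth identity.Name is DOMAIN\user; pass it through unchanged.
        return _authz.IsMemberOf(identity.Name, _group);
    }

    // Authenticated but not in the group: send to the custom page instead of a new
    // 401 challenge, which under Windows auth would only re-prompt for credentials.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User?.Identity?.IsAuthenticated == true)
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary { { "controller", "Error" }, { "action", "Forbidden" } });
            return;
        }
        base.HandleUnauthorizedRequest(filterContext); // plain 401 for anonymous callers
    }
}

public static class FilterConfig
{
    // Global registration means no controller can forget the check; the Error
    // controller itself must carry [AllowAnonymous] or the redirect loops.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters, ICompanyAuthz authz)
    {
        filters.Add(new CompanyGroupAuthorizeAttribute("IntranetAppUsers", authz));
    }
}
```

Because the constructor takes an object rather than a constant, this filter is registered globally from Application_Start rather than applied declaratively, which is also what guarantees every view is covered.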