Parts of my website require authentication and others do not e.g. Register page, About, contact us etc.
For the authenticated areas we integrate with ADFS. We are introducing WAP and are considering the following.
We could use preauthenticaiton and place all functionality that requires authentication in one application and then create a second application only for those parts that do not require authentication.
Is this a common/preferred approach?
It depends on your preference really. You can create separate applications if you wish and add access requirements to one and not the other, or you can add logic to grant users conditional access based on authentication or user role. It would be easier to just use the IsAuthenticated property to grant access to particular pages. You can use either Request.IsAuthenticated or User.Identity.IsAuthenticated depending on how far you want to go.
@if (User.Identity.IsAuthenticated){
using (Html.BeginForm("My Page", "About", FormMethod.Post)){
<div> Page Data </div>
}
}
else{
<div> Show nothing. </div>
}
Or even more minimally you can do something like:
@if (Request.IsAuthenticated){
<h1> Here's your data!</h1>
}
else{
<h1>Here's your blank web page! </h1>
}
For reference: How does Request.IsAuthenticated work?
