开发者

Second layer of authentication in ASP.NET MVC2 application

We have an ASP.NET application that's partly in MVC (the rest of it being a legacy webforms-based CMS). The application is authenticated via Forms开发者_StackOverflow中文版 Authentication, although any user accessing it from a specific set of IP addresses are automatically assigned to a "special" user.

We currently have a child application that we would ideally like to bring into the (parent) MVC application as an area. This application uses Windows Authentication as a 2nd layer of authentication. Is there an easy way of retaining the second layer of authentication (possibly by a 2nd authorize attribute)? This is bearing in mind the users can log into this application from both within & outside of the set of IP addresses used for the special forms authentication user, which rules out straight forms authentication. We're also not necessarily tied to windows authentication for this second layer if this makes for an easier solution.


I'm yet to try it out fully, but from what I've seen & tried out thus far, my solution to my own problem is to:

  1. Use Forms authentication for the protected area instead of Windows authentication.
  2. Create a role for certain users who are allowed to access this area & allocate it accordingly.
  3. Create a new custom authorisation attribute, sending an unauthenticated users to the login page. In this case I need to do this as the application defines the login page to be the IP checker (instead of a proper login page), so using a normal authorisation attribute would cause a request infinite loop. The process is similar to the solution described here, except I'm using a plain RedirectResult instead of RedirectToRouteResult as the login page is still in WebForms instead of MVC.
  4. (Optional) since I'm using MVC Areas, I can even create a base controller with the custom authorisation attribute & derive all other controllers from it. This saves me from prefixing every method in every controller (& no doubt stop me from forgetting to do so somewhere!).

I am still open to other solutions though!

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜