Hello,

I've built a custom login system for my ASP.NET MVC 1.0 web application as I store large amounts of user data for each user (I decided against trying to add custom tables for the Windows authentication due to this). The login system basically uses SQL Server (2005 or 2008) and my own database and table structure, which is pretty standard: a users table with a unique id, username and hashed password, which is linked to my other tables of user-related data.

My question is, how can I tie my system to use Windows Authentication logins? I would like to allow the administrator to select a Windows Authentication login for a user (as defined in my system) and perhaps add a value to something in my custom table that I can use to authenticate them?

The question's probably phrased wrong and I might have misunderstood how Windows Authentication works, but I would like to offer the option in my web application.

Phil

+1  A: 

If I am understanding your question correctly you want to add some other data linked to a Windows Authenticated user name?

If so you will need to store the username and this custom information in a new table. The Windows authentication data exists in Active Directory so you could look there to get a list of users. You will not get any custom information added to AD automatically when Windows authenticates the user. If you want any custom info you will need to add a custom lookup into AD for it or just look up your custom data in your database, depending on where you decide to store the information.

Pretty much all you get with the Windows Authentication is the user's username and the ability to check the roles (AD groups) associated with that user. Anything beyond that you will need to manually code up.

I recently asked about implementing customization beyond the built-in security in MVC and came up with a solution on my own. Maybe there are some tidbits that might help you answer your question:

http://stackoverflow.com/questions/1151450/how-to-implement-authorization-checks-in-asp-net-mvc-based-on-session-data

Kelsey
Useful comment, some nice background reading and other ideas.
Phil
+1  A: 

If you have Windows Auth enabled on your site then you should be able to use User.Identity.Name to get the NT/Active Directory user name of the currently logged-in user, and match that to a column in your users table.

Scrappydog
So using HttpContext.Current.User.Identity.Name in my action filter I can access my username (MACHINE\PHIL) and the IsAuthenticated is set. So all I need to do is add another column to my user table to associate my username to a User.Identity.Name and check they are authenticated?
Phil
If User.Identity.Name returns a value they ARE authenticated. And more to the point they shouldn't be able to access the page unless they are authenticated (IIS is going to force them to authenticate before it will render the page).
Scrappydog
+2  A: 

Here's how we've done it for a hybrid forms/windows authentication app:-

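using System;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;

// Context (the data context) and createPersistentCookie belong to the
// encapsulation left out of this post.
public class MyBaseController : Controller
{
  protected override void OnAuthorization( AuthorizationContext authContext )
  {
    // No forms ticket yet, but IIS has authenticated a Windows account.
    if
    (
      !User.Identity.IsAuthenticated &&
      Request.LogonUserIdentity != null &&
      Request.LogonUserIdentity.IsAuthenticated
    )
    {
      String logonUserIdentity = Request.LogonUserIdentity.Name;
      if ( !String.IsNullOrEmpty(logonUserIdentity) )
      {
        // Find the application user linked to this Windows account.
        User loginUser =
          Context.Users.FirstOrDefault(
            x => x.UserIdentity == logonUserIdentity);
        // Issue the forms cookie only when a mapping exists.
        if ( loginUser != null )
          FormsAuthentication.SetAuthCookie(
            loginUser.LoginName,createPersistentCookie);
      }
    }
  }
}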

There's some encapsulation that I've taken out for the sake of compactness.

Iain Galloway
Thanks for the helpful code snippet! :)
Phil
Iain, would you mind posting more of the code? I'm interested in properly encapsulating this functionality AND how you've configured IIS (I'm using IIS 7 myself). Thanks.
wgpubs
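
Added example, not code from any of the answers above: one way to do the lookup that the second and third answers describe, matching the Windows account name against a column in the custom users table and failing closed when the name is missing, unmapped or mapped twice. AppUser, WindowsLogin and WindowsLoginMapper are hypothetical names, and the in-memory list is constructed sample data standing in for the table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical row of the custom users table; WindowsLogin is the added column.
public class AppUser
{
    public int Id;
    public string LoginName;
    public string WindowsLogin; // e.g. "MACHINE\PHIL"; null for forms-only users
}

public static class WindowsLoginMapper
{
    // Returns the application user linked to the Windows identity, or null.
    // Fails closed: unauthenticated, unnamed, unmapped or ambiguous => null.
    public static AppUser Resolve(IIdentity identity, IEnumerable<AppUser> users)
    {
        if (identity == null || !identity.IsAuthenticated) return null;
        string name = identity.Name;
        if (String.IsNullOrEmpty(name)) return null;
        // Windows account names are case-insensitive; compare ordinally so
        // culture rules cannot make two different names match.
        List<AppUser> matches = users
            .Where(u => String.Equals(u.WindowsLogin, name,
                                      StringComparison.OrdinalIgnoreCase))
            .Take(2).ToList();
        // Two rows claiming one Windows login is a data error, not a login.
        return matches.Count == 1 ? matches[0] : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data standing in for the users table.
        var users = new List<AppUser> {
            new AppUser { Id = 1, LoginName = "phil",  WindowsLogin = @"MACHINE\PHIL" },
            new AppUser { Id = 2, LoginName = "guest", WindowsLogin = null }
        };
        // GenericIdentity reports IsAuthenticated = true when its name is non-empty.
        var phil = WindowsLoginMapper.Resolve(new GenericIdentity(@"machine\phil", "NTLM"), users);
        var anon = WindowsLoginMapper.Resolve(new GenericIdentity(""), users);
        var unknown = WindowsLoginMapper.Resolve(new GenericIdentity(@"MACHINE\EVE", "NTLM"), users);
        Console.WriteLine("{0} {1} {2}", phil != null ? phil.LoginName : "none", anon == null, unknown == null);
    }
}
```

A unique constraint on the mapping column in the database would enforce the one-row-per-login rule that Resolve checks at lookup time.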