Hi Guys,
My question is similar to a crapload out there..
I have a simple app to be hosted internal to my company (accessed on the intranet). its an MVC app with windows integrated authentication.
I have all the code to authorize a user against AD, but how do i implement this in the client (web.config + global.asax etc)
Do i use the global.asax even methods available? I can authorize every page request or setup sessions but if someone has a working example of how to route to custom pages without triggering an infinite loop that would be great!
Alternatively is there something in MVC that makes this all much simpler that i am missing? I dont believe the [Authorize] attribute meets this exact requirement.
I have tried this to no avail:
/// /// Handles the AuthenticateRequest event of the Application control. /// /// The source of the event. /// The instance containing the event data. protected void Application_AuthenticateRequest(object sender, EventArgs e) { bool isAuthorised = false;
if ((Request.IsAuthenticated) && (cookie == null))
isAuthorised = AuthoriseUser();
}
/// <summary>
/// Handles the EndRequest event of the Application control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void Application_EndRequest(object sender, EventArgs e)
{
if ((Response.StatusCode == 401) && (Request.IsAuthenticated))
{
Response.Redirect("/Shared/Denied");
}
Thanks in advance