I would like to take advantage of:
Page.User.IsInRole("CustomRole");
Page.User.Identity.IsAuthenticated
when working inside Page methods, as well as authorization section in web.config:
<authorization>
<allow roles="Administrators, Supervisors" />
<deny users="*" />
</authorization>
and also apply rules on classes and methods level:
[PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
In my application I authenticate with ... custom mechanism that provides me user identity in ... http header. I get users PIN number (some kind of ID) + roles. But that is a side plot. It doesn't matter.
What I actually want to achieve is to take advantage of ASP .NET build in Authorization features but having my custom authentication mechanism. I guess I have to implement IPrincipal and IIdentity, is that right? I saw plenty of samples on the web but all of them include web.config configuration that specifies providers, and also FormsAuthentication like classes, that I guess I don't need. I just need to inject my user object (which is prepared by me) into request and that's it.
So:
how to get/create IIdentity object? I saw samples with:
var id = new FormsIdentity(authTicket);
but I'm not using FormsAuthentication.
Thanks
In short, you have to implement your own authentication module.
An authentication module is just an ASP.NET module but having special purpose. Its AuthenticateRequest
method should populate HttpContext.Current.User
property with an instance of IPrincipal
.
Answering your other questions: IPrincipal
is just an interface while GenericPrincipal
is one of its implementations. You can use it, as the name suggests it's just a generic implementation which means that it should suit you. Since IPrincipal
is just IIdentity
plus roles, you probably will also need GenericIdentity
.
Other implementations, like RolePrincipal
+ FormsIdentity
are designed for specific purposes, these two for example are used by the Forms Authentication Module.
There are some good examples available, just google for "custom authentication module".