I've created an ASP.NET MVC 4 application which previously used Windows Forms to authenticate users, but I'm moving it to an internal server and would like to authenticate users based on their AD logon and using Windows authentication.
Within my database, I have a list of users AD usernames (domain\username) and some basic permissions. If a user attempts to access the application, and they're in the database, I'd like to grant access and assign their permissions. If they're not in the database, I'd like to grant access, but only assign them basic permissions (read-only).
What's the best way to implement the authentication (without rewriting the application to use simple membership)? (Or is that really the best way!?)
Any help is appreciated - every articles points to simple authentication or naming users in the web.config.
I suggest writing a custom attribute to handle this:
MyAuthorizationAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
//Check database here
}
}
Then have all your controllers inherit from a base controller that has the authorization attribute on it:
[MyAuthorization]
public class BaseController : Controller
{
}
public class HomeController : BaseController
{
//Do Stuff
}