Home/ Questions/Q 4621038
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T02:38:35+00:00

I am trying to implement windows authentication in my ASP.NET MVC2 application. I’ve followed

  • 0

I am trying to implement windows authentication in my ASP.NET MVC2 application.
I’ve followed all the steps suggested by the official documentation:

<authentication mode="Windows" />

<authorization>
  <deny users="?" />
</authorization>

I’ve specified NTLM Authentication. So far so good. Everything works fine.
I would like to check the users logged-in against my database.
I would like to fetch roles from my table and then manage the authorization using a custom attribute.
I don’t want to use membership and roles provider.
I’already have my tables Users/Roles in place cause they’ve been used for an Internet App (this is the Intranet App).

In my Internet App I had a form where the user inputs the data. The form is posted to a controller which checks everything and creates a cookie with the user (and roles) of the logged-in user.

In my global.asax I’ve trapped the AuthenticateRequest event where I read the cookie and create a custom principal which I use all over the app to check the authorizations.

How can I do implement this with Windows Authentication?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Just create a new principal and assign it to the user and thread in Global.asax (or use an action filter).

    protected void Application_AuthenticateRequest(object sender, EventArgs args)
{
  if(HttpContext.Current != null)
  {
     String [] roles = GetRolesFromSomeDataTable(HttpContext.Current.User.Identity.Name);

     GenericPrincipal principal = new GenericPrincipal(HttpContext.Current.User.Identity, roles);

     Thread.CurrentPrincipal = HttpContext.Current.User = principal;
  }
}

    If a user doesn’t have any role that matches, they can be barred from the app using the web.config authoirzation element:

    <authorization>
  <allow roles="blah,whatever"/>
  <deny users="*"/>               
</authorization>
    • 0