I have a ASP.NET MVC site with a CAS server set up as the authentication type. I also have a separate database with a Users table and a Roles table (with a User being related to one or more roles). A User is only able to log into the system if the Username is both in the User table and on the CAS system. I have this solution working.

My problem is i now need some form of trigger on User.IsAuthenticated so i can track the current User (from my database), without the possibility that i am trying to allow tracking of a User that has logged out. What I’ve been thinking is i need to add the User to the HttpContext but i am not sure how to trigger the clearing of the User if the CAS session times out or if the User Logs out.

I also wish to have some functionality such as User.IsInRole (again using my database, not ASP.NET) but am not sure how to go about implementing this. I suppose if i can successfully add the User to the HttpContext then a IsInRole method would simply be a User.Roles.Contains(string role) method but how can that then be used if i wish, for example, to use a method with the DataAnnotation [Authorize(role = “ExampleRole”)].

I have looked at questions such as How do I create a custom membership provider for ASP.NET MVC 2? but this doesn’t work for me (possibly to do with me using the CAS authentication?)

Any guidance or background reading would be appreciated as i’m really not sure where i should even start. I have read up on GenericPrinciple, IPrinciple and IIdentity but I’m struggling to see how i can apply them to my current project.