ASP.NET MVC - Custom IIdentity or IPrincipal with Windows Authentication

六月ゝ 毕业季﹏ 提交于 2020-01-03 04:53:07
问题 I am working on an intranet site with Windows Authentication for logins. However, I want to extend the IPrincipal to have other properties. For instance, I'd like to get the user's FirstName in @User.FirstName or User.AuthorizedActivity("Admin/Permissions/Edit") (would retrieve from db) using activities instead of roles to hide certain links, etc. I am really having a heck of a time figuring this out over the past 2 days and find much information doing this with Windows Authentication. My

SerializationException on 'CustomIdentity' when user is denied in ASP.NET

主宰稳场 提交于 2019-12-23 08:30:11
问题 I try to implement ASP.NET Authentication and Authorization on top of our existing database. We have a website calling a webservice to fetch its data. To use the webservice, i need to provide the username and password. Knowing that, I decided to implement IIdentity and IPrincipal to store the encrypted password and be able to provide it when performing webservice calls. In the future, we might want to use more of the built-in security of asp.net, so I implement membership and role provider

MVC3 + Ninject: What is the proper way to inject the User IPrincipal?

南楼画角 提交于 2019-12-23 07:55:40
问题 I have seen the following two example for injecting the User IPrincipal: Method 1: kernel.Bind<IPrincipal>() .ToMethod(context => context.Kernel.Get<RequestContext>().HttpContext.User) .InRequestScope(); Method 2: kernel.Bind<IPrincipal>() .ToMethod(context => HttpContext.Current.User) .InRequestScope(); Is there any difference in the two? Is one preferred? 回答1: The two methods are identical. Both are going to return the HttpContext obect for the current HTTP Request. 来源: https:/

Code is ignoring PrincipalPermission attribute?

ぃ、小莉子 提交于 2019-12-22 08:23:23
问题 I have a Delete method on all my business objects that has the PrincipalPermission attribute on it. Example: [PrincipalPermission(SecurityAction.Demand, Role = "Vendor Manager")] public static bool Delete(Vendor myVendor) { //do work here } The problem is that it appears to be completely ignoring my PrincipalPermission. It lets anyone through, no matter what role they may be part of. Is there something else I've forgotten to do? I have added the following to my Application's global.asax in

Can you wrap the RolePrincipal in a custom IPrincipal object?

喜夏-厌秋 提交于 2019-12-21 02:41:36
问题 I am using custom Membership and Role providers inside the ASP.NET framework with Forms Authentication. These are working great. The Role provider is using a cookie to persist the roles, saving a trip to the database on each web request. I am also using the UserData string inside the FormsAuthenticationTicket to store the UserId. I need to refactor my DAL out of the web project to its own project. The DAL has a dependency on retrieving the Current user’s ID as well as checking the roles for

Set User property for an ApiController in Unit Test

我们两清 提交于 2019-12-20 17:41:12
问题 My unit tests for an ApiController uses some helpers methods to instantiate the controller: public static ResourcesController SetupResourcesController(HttpRequestMessage request, IResourceMetadataRepository repo, IUnitOfWorkService unitOfWorkService) { var config = new HttpConfiguration(); var defaultRoute = config.Routes.MapHttpRoute(RouteNames.DefaultApi , "api/{controller}/{id}"); var routeData = new HttpRouteData(defaultRoute, new HttpRouteValueDictionary { { "controller", "resources" } }

Custom Identity using MVC5 and OWIN

只愿长相守 提交于 2019-12-20 08:40:21
问题 I trying to add custom properties to the ApplicationUser for a web site using MVC5 and OWIN authentication. I've read https://stackoverflow.com/a/10524305/264607 and I like how it integrates with the base controller for easy access to the new properties. My issue is that when I set the HTTPContext.Current.User property to my new IPrincipal I get a null reference error: [NullReferenceException: Object reference not set to an instance of an object.] System.Web.Security.UrlAuthorizationModule

What is the idea behind IIdentity and IPrincipal in .NET

我们两清 提交于 2019-12-20 08:34:53
问题 So, what is the purpose for existence of both IIdentity and IPrincipal , and not some IIdentityMergedWithPrincipal ? When is it not enough to implement both in same class? Also, to understand purpose, I'd like to know where this concept comes from: It is originated in .Net There is concept of Identity/Principal as design pattern, which System.Security.Principal implemented in those interfaces It is originated somewhere else and supported for compatibility Therefore, does UserPrincipal from

Store user id in Principal or Identity? ASP.Net/OpenID

被刻印的时光 ゝ 提交于 2019-12-10 18:20:51
问题 I have an ASP.Net MVC web application using forms authentication. I am using OpenID for authentication. At the moment the moment I'm storing the openID url inside the Name of the standard GenericIdentity . I would also like to have easy access to the database id for the user. I can make a custom provider or identity by overriding the Application_AuthenticateRequest function. My question is should the database uid for the user go into the principal or the identity? Should the Name property of

How to do ASP.NET Web API integration tests with custom authentication and in-memory hosting

爷,独闯天下 提交于 2019-12-10 11:35:15
问题 A similar question has been answered here but the answer doesn't seem to work in my case. I want to test the authentication/authorization process in my Web Api which is using a JWT authentication. My authentication is handled through a custom MessageHandler that I add to my HttpConfiguration . Authorization in handled by a simple [Authorize] Attribute on Controller/Methods I want to restrict access to. I'm setting the principal I've extracted from my token this way during authentication (in