【发布时间】:2013-10-17 06:55:02
【问题描述】:
我的 ASP.NET webapp 将受到第三方代理 (SM) 的保护。 SM 将拦截对 webapp 的每个调用,将用户验证为有效的系统用户,添加一些标头信息 ex username 并将其重定向到我的 webapp。然后我需要验证该用户是我网站的活跃用户。
目前我通过在Global.asax.cs 文件中实现Application_AuthenticateRequest 方法来验证用户。我有一个自定义成员资格提供程序,其 ValidateUser 方法检查用户是否存在于我的数据库的用户表中。
只是想获得 cmets,如果这是一个好方法。
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
//if user is not already authenticated
if (HttpContext.Current.User == null)
{
var smcred = ParseAuthorizationHeader(Request);
//validate that this user is a active user in the database via Custom Membership
if (Membership.ValidateUser(smcred.SMUser, null))
{
//set cookie so the user is not re-validated on every call.
FormsAuthentication.SetAuthCookie(smcred.SMUser, false);
var identity = new GenericIdentity(smcred.SMUser);
string[] roles = null;//todo-implement role provider Roles.Provider.GetRolesForUser(smcred.SMUser);
var principal = new GenericPrincipal(identity, roles);
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
}
}
}
protected virtual SMCredentials ParseAuthorizationHeader(HttpRequest request)
{
string authHeader = null;
var smcredential = new SMCredentials();
//here is where I will parse the request header for relevant tokens ex username
//return smcredential;
//mockup below for username henry
return new SMCredentials() { SMUser = "henry", FirstName = "", LastName = "", EmailAddr = "" };
}
【问题讨论】:
标签: asp.net-mvc asp.net-mvc-4 authentication asp.net-web-api authorization