Custom fine-grained claims based authorization system in ASP.NET MVC - wheres and hows

Posted by BuzzBubba on Stack Overflow See other posts from Stack Overflow or by BuzzBubba
Published on 2010-05-08T08:32:31Z Indexed on 2010/05/08 8:38 UTC
Read the original article Hit count: 360

So, I'd like to implement my own custom authorization system in MVC2.

If I'd have to create a global class, where do I instantiate it? Can HttpContext be extended with my own additions and where do I do that? Should I use Authorization filters for rights validation or ActionFilters or do it within an action? Can ActionFilter pass any data to the action itself?

Previously (in WebForms) I was using a Session object where I would put a serialized object containing essential user data (account id and a list of roles and rights) and I'd extend my own Page class.

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Related posts about authorization