Approach for replacing forms authentication in .NET application

Posted by Ash Machine on Stack Overflow
Published on 2010-12-24T00:50:10Z

My question is about an approach, and I am looking for tips or links to help me develop a solution. I have a .NET 4.0 web forms application that works with Forms authentication using the aspnetdb SQL database of users and passwords. A new feature for the application is a new authentication mechanism using single sign-on to allow access for thousands of new users. Essentially, when the user logs in through the new single-sign-on method, I will be able to identify them as legitimate users with a role.

So I will have something like HttpContext.Current.Session["email_of_authenticated_user"] (their identity) and HttpContext.Current.Session["role_of_authenticated_user"] (their role).

Importantly, I don't necessarily want to maintain these users and roles redundantly in the aspnetdb database, which will be retired, but I do want to use the session objects above to allow the user to pass through the application as if they were passing through with forms authentication. I don't think CustomRoleProviders or CustomMemberProviders are helpful since they do not allow for creating session-level users.

So my question is how to use the session level user and role that I do have to "mimic" all the forms authentication goodness like enforcing:

[System.Security.Permissions.PrincipalPermission(System.Security.Permissions.SecurityAction.Demand, Role = "Student")]

or

<authorization>
    <allow users="wilma, barney" />
</authorization>

Thanks for any pointers.
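
One way to get this behaviour, shown as an added example that is not part of the original post: session state is only loaded at AcquireRequestState, after URL authorization has already run, so the sketch carries the e-mail and role in an encrypted forms-authentication ticket and rebuilds the principal on every request. It assumes web.config keeps authentication mode="Forms" while the aspnetdb membership store is retired; SsoLogin.SignIn is a hypothetical helper name and the 30-minute lifetime is a constructed value.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public static class SsoLogin   // hypothetical helper, not an ASP.NET type
{
    // Call once, after the single-sign-on exchange has validated the user.
    public static void SignIn(HttpResponse response, string email, string role)
    {
        // The role travels in UserData. FormsAuthentication.Encrypt protects the
        // ticket with the machineKey settings, so the client cannot edit the role.
        var ticket = new FormsAuthenticationTicket(
            1, email, DateTime.Now, DateTime.Now.AddMinutes(30),  // constructed lifetime
            false, role, FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        response.Cookies.Add(cookie);
    }
}

public class Global : HttpApplication
{
    // Runs before UrlAuthorizationModule, so <authorization> rules and
    // PrincipalPermission demands both see the principal built here.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return; }  // tampered or undecryptable: stay anonymous
        if (ticket == null || ticket.Expired) return;

        // One role per user here; split UserData to support several.
        var principal = new GenericPrincipal(
            new FormsIdentity(ticket), new[] { ticket.UserData });
        Context.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}
```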
