I want to use ASP.NET MVC 5 for my web app. I need to use Windows authentication.
If I use Windows authentication, where is the best place to read user information (user ID and roles) and store it in the Session?
I have a method for getting the user information by username from the database, like this:

```csharp
public class CurrentUser
{
    public int UserId { get; set; }
    public string UserName { get; set; }
    public Roles Roles { get; set; }
}

public enum Roles
{
    Administrator,
    Editor,
    Reader
}

public class AuthService
{
    // Looks the user up by account name and returns the application's view of that user.
    public CurrentUser GetUserInfo(string userName)
    {
        var currentUser = new CurrentUser();
        // load from DB
        return currentUser;
    }
}
```
1 Answer
First and foremost: never, never, never store user details in the session. Seriously. Just don't do it.
If you're using Windows Auth, the user is in AD. You have to use AD to get the user information. Microsoft has an MSDN article describing how this should be done.
The long and short is that you create a subclass of UserIdentity and extend it with the additional properties you want to return on the user:
```csharp
using System.DirectoryServices.AccountManagement;

[DirectoryRdnPrefix("CN")]
[DirectoryObjectClass("inetOrgPerson")]
public class InetOrgPerson : UserPrincipal
{
    // Implement the constructor using the base class constructor.
    public InetOrgPerson(PrincipalContext context) : base(context) { }

    // Implement the constructor with initialization parameters.
    public InetOrgPerson(PrincipalContext context, string samAccountName, string password, bool enabled)
        : base(context, samAccountName, password, enabled) { }

    InetOrgPersonSearchFilter searchFilter;

    // Shadows UserPrincipal.AdvancedSearchFilter with the extended filter type.
    new public InetOrgPersonSearchFilter AdvancedSearchFilter
    {
        get
        {
            if (null == searchFilter)
                searchFilter = new InetOrgPersonSearchFilter(this);
            return searchFilter;
        }
    }

    // Create the mobile phone property, bound to the "mobile" attribute in the directory.
    [DirectoryProperty("mobile")]
    public string MobilePhone
    {
        get
        {
            if (ExtensionGet("mobile").Length != 1)
                return null;
            return (string)ExtensionGet("mobile")[0];
        }
        set { ExtensionSet("mobile", value); }
    }
    // ... (remaining members elided in the original)
}

// Companion filter class from the same MSDN example; the class above references it
// but the original snippet did not include its definition.
public class InetOrgPersonSearchFilter : AdvancedFilters
{
    public InetOrgPersonSearchFilter(Principal p) : base(p) { }

    public void LogonCount(int value, MatchType type)
    {
        this.AdvancedFilterSet("LogonCount", value, typeof(int), type);
    }
}
```
In the example code above, a property is added to bind to the AD user's mobile field. This is done by implementing the property as shown utilizing ExtensionSet, and then annotating the property with the DirectoryProperty attribute to tell it what field it binds to.
The DirectoryRdnPrefix and DirectoryObjectClass attributes on the class need to line up with how your AD is set up.
Once this is implemented, then you will be able to get at the values simply by referencing them off User.Identity. For example, User.Identity.MobilePhone would return the mobile field from AD for the user.