Use the custom authorization with ASP.NET Identity 2.1

Introduction

ASP.NET Identity is the new membership system for ASP.NET applications. ASP.NET Identity makes it really easy to customize profile and add Login/ LogOut functionality to the application. Please visit http://www.asp.net/identity to learn more on getting started with ASP.NET Identity and how you can add users and protect your websites using Roles

Background

For user access-right control, we can also create the custom authentication , for this way, we don’t need to use the ASP.NET identity system at that time, but we need to handle all of the access-right control flows, and if we use the  MvcSiteMapProvider, it will be difficult to integrate the access-right functions, because the MvcSiteMapProvider use the build-in ASP.NET identity for control the user right.

In many of times, we need use ASP.NET membership with the identity, but how about if we don’t  use the membership at this time? I usually uses my own user/group tables for my system, but I also want to use the ASP.NET identity for handle my access control’s flow, this article will describe how to do it.

ASP.NET Identity supports claims-based authentication, where the user’s identity is represented as a set of claims. Claims allow developers to be a lot more expressive in describing a user’s identity than roles allow. Whereas role membership is just a boolean (member or non-member), a claim can include rich information about the user’s identity and membership.

Using the code

We will use the claims-base authentication for our custom user access-right system.

  1. First, we can handle the login logic with our user table, just simple to check the user name and password base on the user table.
  2. After login successfully, we can create a sign-in action with claim as below (this is the main point):
    //add the base user role after login
    var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, "Winson"),
            new Claim(ClaimTypes.Role, "Administrator")
        }, "ApplicationCookie");
    var ctx = Request.GetOwinContext();
    var authManager = ctx.Authentication;
    authManager.SignIn(identity);
  3. And then you can use the identity attribute in the controller or action for the access-right control
    [Authorize(Roles = "Administrator")]
    public ActionResult Test()
    {
        //to do other logic...
    
        return View();
    }
  4. And you can also add the claim object in the fly
    //use the ASP.NET Identity role function                            
    var identity = (ClaimsIdentity)User.Identity;
    if (identity != null)
    {
        //you can remove all at first
        foreach(var claim in identity.Claims)
        {
            identity.RemoveClaim(claim);
        }
    
        identity.AddClaim(new Claim(ClaimTypes.Role, "Mail"));
        identity.AddClaim(new Claim(ClaimTypes.Role, "Subscriber"));
    	
    	var ctx = Request.GetOwinContext();
        var authManager = ctx.Authentication;
    
        authManager.SignIn(identity);
    }
  5. For above code, you can easy to control the user and role by yourself, you can set the claim’s role base your user group table 🙂

40,676 total views, 18 views today

Do you like this post?
  • Fascinated
  • Happy
  • Sad
  • Angry
  • Bored
  • Afraid

winson

Leave a Reply

coder-blog-1
shares