MVC3 mixed forms and Windows authentication

2019-07-07 01:09发布

I currently have an intranet site that is accessed by external customers. I therefore set this up using Forms Authentication. However the powers that be (my bosses) want all our domain users to not have to enter their username and password to access the site.

I've done a bit or reading and everything seems to point to setting up a WinLogin.aspx page that you alter to use WindowAuthenthication and then redirect from there.

I have a problem with this as I don't like the idea of putting an aspx form in my mvc application.

Can anyone tell me how to achieve mixed authentication using a strictly MVC Controller/Action setup without a second application?

NOTES: running MVC 3 on an IIS 7 box.

1条回答
在下西门庆
2楼-- · 2019-07-07 02:03

Forms Authentication is not related to the URL or physical structure of your files. What matters is that a URL should ultimately map to a physical (or virtual) resource on the server, and be processed, and be returned back to the user.

Thus, somewhere in between for each incoming call (each HTTP request, even those for CSS and JavaScript files), you have to see if the current user has enough permission to access it or not. If no, then you might redirect him to the login page.

If you want, you can have a URL like /user/windowslogin where user is the name of the controller, and windowslogin is the name of your action method. Then you can create a custom authentication attribute (something like [WindowsAuthentication]) on your windowslogin action, and in that attribute (which is an MVC filter in essence), you can see if the current request comes from within your domain, and if so, talk to Active Directory for authentication or stuff like that, and on case of successful authentication, create an authentication cookie using FormsAuthentication class, and the rest of the story.

However, I don't think this would be an easy task. Others might introduce better solutions.

查看更多
登录 后发表回答