Last post Jan 15, 2014 01:02 AM by Shawn - MSFT
Jan 10, 2014 04:51 PM|Neelam ANand|LINK
I need to design the framework for the ASP.Net applictaion which will -
1) authenticate the user by the credentials provided through the form by calling the webservice and then
2) get all the authorizations from the entitlement webservice for that user for the 6 small apps inside the main application.
3) after the user is authenicated the screen is displayed which contains the dropdown which is filled based upon what applictaion the user is authorized to. then the user selects the applictaion from the dropdown and then based upon the application selection
the screen to which the user is authorized to is retrieved from the entitlements webservice and menu is created for the same.
Jan 15, 2014 01:02 AM|Shawn - MSFT|LINK
Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP
module to perform custom authentication.
When the host authenticates the user, it creates a principal, which is an
IPrincipal object that represents the security context under which code is running. The host attaches the principal to the current thread by setting
Thread.CurrentPrincipal. The principal contains an associated
Identity object that contains information about the user. If the user is authenticated, the
Identity.IsAuthenticated property returns true. For anonymous requests,
IsAuthenticated returns false. For more information about principals, see
Authorization happens later in the pipeline. That lets you make more granular choices when you grant access to resources.
To write a custom authorization filter, derive from one of these types:
The following diagram shows the class hierarchy for the AuthorizeAttribute class.
For more information, you could refer to the following links: