Simple Management of Form Authentication and Windows Authentication in ASP. NET MVC

Generally, Internet applications, such as Renren and Weibo, require user logon. If users do not log on, they cannot use this website. Therefore, FormAuthentication is used here to require the user to fill in the user name and password. After successful login, FormAuthentication. SetAuthCookie () writes an authentication Token to the client Cookie.

 

Windows Auhentication is generally used for internal enterprise applications and internal enterprise information systems. because the enterprise has its own domain, the employee's computer has an ID in this domain, and this ID is unique, all operations will be performed through this ID. The internal information system of an enterprise does not need to be registered by the user. Therefore, Windows Authentication is used. however, you must note that FormAuthentication. setAuthCookie () is often written into very simple fields, generally username, and the real User entity in the system is a very complex object with a lot of information. Therefore, every time a User enters the system, the program will find the detailed User object in the database based on the User ID or username and put it in the Session. Generally, these operations are performed in Session_Start () in Global. asax. cs.

 

Protected void Session_Start (object sender, EventArgs e) {var securityHelper = new SecurityHelper (); securityHelper. authenticate ();} public class SecurityHelper {private string GetWindowsVcnUserName () {// Get windows user var loggedUser = System. web. httpContext. current. user. identity; if (loggedUser! = Null) {string username = loggedUser. name; username = username. substring (username. indexOf ('\') + 1); username = username. toUpper (); return username;} return null;} public virtual bool Authenticate () {// Inject implementation of the UserService through DI if (UserService = null) {UserService = Container. resolve <UserService> ();} string userLoggin = GetWindowsVcnUserName (); // Get user from e Xternal authorization system var user = UserService. getUser (userLoggin); if (user = null) {// indicates that this user does not exist in the database. In this case, you can set the corresponding logic as needed to prompt that the user cannot access this system, you can also create a Guset account for this user.} // Set session System as needed. web. httpContext. session. add ("user", user); return true ;}} protected void Session_Start (object sender, EventArgs e) {var securityHelper = new SecurityHelper (); securityHelper. authenticate ();} public class Securi TyHelper {private string GetWindowsVcnUserName () {// Get windows user var loggedUser = System. Web. HttpContext. Current. User. Identity; if (loggedUser! = Null) {string username = loggedUser. name; username = username. substring (username. indexOf ('\') + 1); username = username. toUpper (); return username;} return null;} public virtual bool Authenticate () {// Inject implementation of the UserService through DI if (UserService = null) {UserService = Container. resolve <UserService> ();} string userLoggin = GetWindowsVcnUserName (); // Get user from external authorization system var user = UserService. getUser (userLoggin); if (user = null) {// indicates that this user does not exist in the database. In this case, you can set the corresponding logic as needed to prompt that the user cannot access this system, you can also create a Guset account for this user.} // Set session System as needed. web. httpContext. session. add ("user", user); return true ;}}

After that, you only need to obtain the User information from the Session during the Session lifecycle, because the Session contains a detailed User object.