0

I have been going around in circles trying to properly understand this.

I have an ASP .Net MVC project I am working on and need to implement user logins that authorize and authenticate against en external system (via webservice).

I can't seem to get my head around MembershipProvider and AuthorizeAttribute in the context that I require.

Which do I need to use (I believe its both) and where do I need to customize to provide the authentication against an external system.

There is one additional thing I also require on top of the default ASP .Net user principals in that the external webservice will return a session ID upon successful login that would be used for subsequent requests to external services.

Would someone be able to point me in the direction of some useful example of this sort of set up?

AverageMarcus
  • 903
  • 1
  • 9
  • 26

1 Answers1

0

MembershipProvider is used to provide the users that may login the system. The RoleProvider is used to tell which roles a user has. They are used during the authentication process. i.e. identifying the user. You can read about membership vs roles

The [Authorize] attribute on the other hand is used during authorization. i.e. to check if the user is allowed to do something.

jgauffin
  • 99,844
  • 45
  • 235
  • 372
  • So I would need to implement both. The `MembershipProvider` would need to override `ValidateUser()` and `AuthorizeAttribute`would need to override `AuthorizeCore()`? Where do I add the additional SessionId? – AverageMarcus Feb 08 '13 at 14:34
  • You don't have to do anything with Authorize other than using it. It uses the user which you have provided with the membershipprovider – jgauffin Feb 08 '13 at 14:35
  • Thanks, this really helped. For others implementing a similar thing I also recommend looking at http://stackoverflow.com/questions/1064271/asp-net-mvc-set-custom-iidentity-or-iprincipal/10524305#10524305 – AverageMarcus Feb 08 '13 at 17:04