MVC 5 Custom Authentication

Question

I have a legacy Application that we're converting to use the MVC 5 Application template. We have a custom API method, to keep the example simple let's just say it's signature is:

bool Login(username, password);

How can I set the User as logged in, so that I can use things like the [Authorize] attribute? For the moment we want the simplest method possible just to get us started developing the site.

I tried implementing this to set User.Identity manually. But this is then reset on every subsequent request.

score 0 · Answer 1 · answered Sep 22 '14 at 12:40

In the end I extracted out the logic to the Account controller. This handles the Login and stores the result in the Session. Then I just needed to override the System.Web.Mvc.AuthorizeAttribute class and AuthoriseCore method as follows:

using System.Web;
using System.Web.Mvc;

namespace HomeHealth.Web.Infrastructure
{
    public class HomeHealthAuthorizeAttribute : AuthorizeAttribute
    {

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            return WebSession.SdkContext.IsAuthenticated;
        }

    }
}

It has some helper code to clean up accessing the Context from the session, but that's irrelevant. The point is that this is the Attribute/Method you probably want. You can then mark Controllers/Methods with the following:

[HomeHealthAuthorize]
public class PatientController : BaseController

Then all the checking/redirecting is done for you.

MVC 5 Custom Authentication

1 Answers1