Orphu.of.io

Reputation: 125

Adding ASP.NET MVC5 Identity Roles to my existing intranet project

I've read a lot of blog posts concerning the Identity way to handle Role Management in MVC5, but most of them seem to integrate registration systems and such. I want to know if I can simply use the Roles.

I have an existing MVC5 project where I pull my users from Active Directory and store them in a custom User model class. Is it possible to integrate Identity Role management with such a project?

I'm fairly new to ASP.Net MVC and so far this has caused me a few headaches. Will I have to use a model class which extends IdentityUser? If so, can I still use my Active Directory users and simply map the GUID, email, name, etc. to that new class and then use the Roles to limit access to my application views?

Upvotes: 2

Views: 1174

Answers (1)

Justin Helgerson

Reputation: 25551

While I'm not using ASP.NET Identity in production yet (perhaps in a few months) I do have a test project put together that authenticates against active directory for internal users. You will have to roll your own implementation to make this work though.

Here are some shortened samples to show how I am hitting active directory in different methods:

Roles

public async Task<IList<string>> GetRolesAsync(User user) {
    List<string> roles = new List<string>();

    //Active Directory Roles
    if (user.Email.Contains("@mycompany")) {
        var directory = new CompanyDirectory();

        var adGroups = directory.GetGroupsByUser(user.Email);

        if (adGroups != null && adGroups.Count > 0) {
            roles.AddRange(adGroups);
        }
    }

    //SQL Server Roles
    var dbRoles = await _context.Users
        .Where(u => u.UserName == user.UserName)
        .SelectMany(u => u.Roles)
        .Select(r => r.Name)
        .ToListAsync();

    roles.AddRange(dbRoles);

    return roles;
}

Auth

public override async Task<User> FindAsync(string userName, string password) {
    var identityUser = await base.FindByNameAsync(userName);

    if (identityUser != null) {
        if (userName.EndsWith("@mycompany.net")) {
            var directory = new CompanyDirectory();
            var isValidated = directory.ValidateUser(userName, password);

            if (isValidated) {
                return identityUser;
            }
        } else {
            //SQL Server Auth
        }
    }

    return null;
}

You don't need to extend the IdentityUser class as that is actually the default class used by the Entity Framework implementation (even though I use SQL Server, my database schema is much different than the default ASP.NET Identity implementation so I use my own models). At the very least what you need to implement is IUser (this is actually what the IdentityUser implements). Here is how I am implementing it:

public partial class User : IUser<Guid> {

}

I have another partial class with the same name which contains all the properties and information used by the Entity Framework.

Upvotes: 1
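As an added example (not code from the answer above), this is one way to fill in the CompanyDirectory lookup the answer leaves out, using System.DirectoryServices.AccountManagement, so that the role list Identity consults for [Authorize(Roles = "...")] comes straight from AD group membership. It also replaces the substring domain test with an exact host comparison after the '@'. The names User, DirectoryRoleStore and the domain mycompany.net are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical user model: the minimum Identity needs is IUser<TKey>.
public partial class User : IUser<Guid>
{
    public Guid Id { get; set; }
    public string UserName { get; set; }   // the AD userPrincipalName, e.g. jdoe@mycompany.net
}

// Hypothetical read-only role source backed by AD group membership.
public class DirectoryRoleStore
{
    private const string CompanyDomain = "mycompany.net";   // assumed domain

    // Exact host comparison: a name with a second '@' or an extra suffix
    // (e.g. "x@mycompany.net.example") must not be treated as internal.
    public static bool IsInternal(string userName)
    {
        int at = userName.LastIndexOf('@');
        if (at < 0 || at != userName.IndexOf('@')) return false;
        return string.Equals(userName.Substring(at + 1), CompanyDomain,
                             StringComparison.OrdinalIgnoreCase);
    }

    public Task<IList<string>> GetRolesAsync(User user)
    {
        IList<string> roles = new List<string>();
        if (!IsInternal(user.UserName)) return Task.FromResult(roles);

        using (var ctx = new PrincipalContext(ContextType.Domain, CompanyDomain))
        using (var principal = UserPrincipal.FindByIdentity(ctx, IdentityType.UserPrincipalName, user.UserName))
        {
            if (principal == null) return Task.FromResult(roles);
            // GetAuthorizationGroups resolves nested membership, so nested groups count as roles too.
            foreach (var g in principal.GetAuthorizationGroups())
                if (g.SamAccountName != null) roles.Add(g.SamAccountName);
        }
        return Task.FromResult(roles);
    }

    public async Task<bool> IsInRoleAsync(User user, string roleName)
    {
        var roles = await GetRolesAsync(user);
        return roles.Contains(roleName, StringComparer.OrdinalIgnoreCase);
    }
}
```

Wire GetRolesAsync and IsInRoleAsync into your IUserRoleStore<User, Guid> implementation and a controller can then be protected with [Authorize(Roles = "SomeAdGroup")] using the group's sAMAccountName.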
