Reputation: 9765
I am currently writing an MVC2 application using both Windows authentication and Active Directory. I am still relatively new to MVC2, so I am a little confused about exactly where to implement any authorization code in addition to authentication. I know that you edit the web.config file in the MVC2 application to enable Windows authentication, for instance. Is that all there is to it?
In terms of checking for a user's roles once that user is authenticated through Windows Authentication, would that be implemented in the controllers? Should that be implemented outside the MVC application, like in a library or something?
Any help with this would be appreciated.
Upvotes: 0
Views: 1026
Reputation: 31202
Be careful not to mix authentication and authorization.
Authentication is making sure who the user is. Using Windows authentication is pretty simple: enable it in IIS and in web.config, that's all. When a user goes to your site, if it's on a domain, he will be automatically authenticated, if browser security settings allow it (by default on Internet Explorer if the site is in the intranet zone). Otherwise he will be asked for his user/password.
Authorization is making sure what the user can do. This is enabled via custom logic.
See :
Upvotes: 1
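One way to place the authorization check discussed in this thread, as an added example that is not code from either poster: an authorization filter on the controller, with Windows groups acting as roles. It assumes web.config already sets `<authentication mode="Windows" />` and that Windows authentication is enabled in IIS; the group names `CONTOSO\ReportUsers` and `CONTOSO\ReportAdmins`, the `ReportsController` and the `AccessDenied` view are hypothetical.

```csharp
using System.Web.Mvc;

// Added example. With Windows authentication the principal is a
// WindowsPrincipal, so the Roles value is matched against the AD / Windows
// groups of the authenticated user.
public class DomainGroupAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user != null && user.Identity.IsAuthenticated)
        {
            // Known user, wrong group: the default 401 would only make the
            // browser prompt for credentials again, so answer 403 and render
            // a (hypothetical) AccessDenied view instead.
            filterContext.HttpContext.Response.StatusCode = 403;
            filterContext.Result = new ViewResult { ViewName = "AccessDenied" };
        }
        else
        {
            // Not authenticated yet: keep the default 401 challenge.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// Controller-level rule: every action requires membership in the group.
[DomainGroupAuthorize(Roles = @"CONTOSO\ReportUsers")]
public class ReportsController : Controller
{
    public ActionResult Index()
    {
        return View();
    }

    // Action-level rule: a narrower group for a destructive operation.
    // Both the controller and the action attribute must pass.
    [DomainGroupAuthorize(Roles = @"CONTOSO\ReportAdmins")]
    public ActionResult Delete(int id)
    {
        // Deletion logic omitted; the filter has already run by this point.
        return RedirectToAction("Index");
    }
}
```

The filter runs before the action executes, so the role check stays out of the action bodies and can live in a shared library referenced by the MVC project.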