C# - ASP.NET Identity - Custom Implementation with Multi-Provider


I'm working on a big project for car dealers, and I have a dilemma.

Should I use ASP.NET Identity or old-school FormsAuthentication?

I need to be able to log in via 2 providers. First, the user is in the database; we check if it is an LDAP user and, if so, authenticate via LDAP (I use a web service that has a Login method).

Here's my Login method:

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginModel model)
    {
        if (ModelState.IsValid)
        {
            var userInDb = this.db.Users.FirstOrDefault(u => u.Username == model.Username);

            if (userInDb != null)
            {
                // user exists
                if (userInDb.IsLdap)
                {
                    try
                    {
                        // ldap powered, ignore password in db
                        using (var ws = WebServiceClient.Factory(model.GetDomain()))
                        {
                            // make auth
                            var result = await ws.Login(model.GetUsername(), model.Password);

                            if (result.Success)
                            {
                                // user legal
                                FormsAuthentication.SetAuthCookie(model.Username, model.Remember);

                                return RedirectToAction("init");
                            }
                            else
                            {
                                // user illegal
                                ModelState.AddModelError("", "username or password invalid.");
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        // error occurred in creation of webservice
                        ErrorUtils.Send(ex);

                        ModelState.AddModelError("", ex.Message);
                    }
                }
                else
                {
                    // user db powered, check passwords
                    var currentHash = userInDb.Password;

                    var isPasswordOkay = PasswordUtils.Validate(model.Password, currentHash);
                    if (isPasswordOkay)
                    {
                        // user password legit
                        FormsAuthentication.SetAuthCookie(model.Username, model.Remember);

                        return RedirectToAction("init");
                    }
                    else
                    {
                        // bad password
                        ModelState.AddModelError("", "username or password invalid.");
                    }
                }
            }
            else
            {
                try
                {
                    // user not exists in db
                    using (var ws = WebServiceClient.Factory(model.GetDomain()))
                    {
                        // make auth
                        var result = await ws.Login(model.GetUsername(), model.Password);

                        if (result.Success)
                        {
                            // user legal in ldap, create in db
                            var ldapUser = (AuthResponse.AuthResponseUser)result.User;

                            var name = ldapUser.DisplayName.Split(' ');
                            var user = new User()
                            {
                                FirstName = name[0],
                                LastName = name[1],
                                ActivatedAt = DateTime.Now,
                                ModifiedAt = DateTime.Now,
                                Email = model.Username,
                                IsLdap = true,
                                Username = model.Username,
                                Password = "",
                                Notifications = NotificationType.All
                            };

                            // dealer: add user right
                            var dealer = this.db.BaseContexts.Find(ws.Dealer.Id);
                            user.BaseContexts.Add(dealer);
                            dealer.Users.Add(user);

                            try
                            {
                                this.db.Users.Add(user);

                                this.db.Entry(user).State = System.Data.Entity.EntityState.Added;
                                this.db.Entry(dealer).State = System.Data.Entity.EntityState.Modified;

                                await this.db.SaveChangesAsync();

                                FormsAuthentication.SetAuthCookie(model.Username, model.Remember);

                                return RedirectToAction("init");
                            }
                            catch (Exception ex)
                            {
                                ErrorUtils.Send(ex);

                                ModelState.AddModelError("", "an error occured during user creation.");
                            }
                        }
                        else
                        {
                            // user illegal
                            ModelState.AddModelError("", "username or password invalid.");
                        }
                    }
                }
                catch (Exception ex)
                {
                    // error occurred in creation of webservice
                    ErrorUtils.Send(ex);

                    ModelState.AddModelError("", ex.Message);
                }
            }
        }

        return View(model);
    }

How can I optimize this or implement ASP.NET Identity in it? I read about multi-tenant, but I'm not sure what it is.

I'm using FormsAuth right now and it works, but it seems limited. For example, creating a user is difficult, but the Identity framework has the UserManager, which is helpful!

Clearly, I want something bulletproof to authenticate via the DB or LDAP depending on the (bool)User.IsLdap property. I thought about creating a small class to act as an "auth service", but I can't find a way to structure it and make it fast.

Edit: I'm aware of external providers for Identity, but I'm not sure if I can create my own with my LDAP auth.

Using ASP.NET Identity is the better way to go because it uses the OWIN stack instead of relying on System.Web. This was done for performance and separation-of-concerns reasons. It's also good to know that newer versions of MVC are going this way.

What you are trying to do is use mixed authentication of both Forms and Windows. While there are many ways to do this, the easiest is to enable Windows auth on the web server and allow IIS to do the heavy lifting, which removes the need for the web service. If that is the direction you want to go, you may want to have a look at this similar question, which should get you headed in the right direction.

Mixed authentication OWIN

Even if you don't use the solution proposed, you would still end up implementing your own OWIN middleware for authentication.
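
The "auth service" the question describes could be structured as below. This is an added example, not code from the original post or from ASP.NET Identity: `AppUser`, `AuthService` and the delegate parameters are hypothetical names, and the stubs in `Demo` stand in for the database, `PasswordUtils.Validate` and the LDAP web service. Saving a first-time LDAP user and issuing the cookie are left to the caller.

```csharp
using System;
using System.Threading.Tasks;

public class AppUser { public string Username; public bool IsLdap; public string PasswordHash; }
// Hypothetical auth service: one entry point, provider chosen by IsLdap.
public class AuthService
{
    private readonly Func<string, AppUser> _find;                 // database lookup
    private readonly Func<string, string, bool> _verifyHash;      // (password, storedHash)
    private readonly Func<string, string, Task<bool>> _ldapLogin; // (username, password)
    private readonly Action<Exception> _log;
    public AuthService(Func<string, AppUser> find, Func<string, string, bool> verifyHash,
                       Func<string, string, Task<bool>> ldapLogin, Action<Exception> log)
    { _find = find; _verifyHash = verifyHash; _ldapLogin = ldapLogin; _log = log; }
    // Returns the authenticated user, or null for every kind of failure.
    public async Task<AppUser> AuthenticateAsync(string username, string password)
    {
        try
        {
            var user = _find(username);
            if (user != null && !user.IsLdap)
                return _verifyHash(password, user.PasswordHash) ? user : null;
            // LDAP-backed, or unknown locally: only the directory can vouch for the user.
            if (!await _ldapLogin(username, password)) return null;
            return user ?? new AppUser { Username = username, IsLdap = true, PasswordHash = "" };
        }
        catch (Exception ex)
        {
            _log(ex);     // details go to the log, not into ModelState
            return null;  // fail closed
        }
    }
}

public static class Demo
{
    public static async Task Main()
    {
        // Constructed data; the lambdas are stubs, not real hashing or a real directory call.
        var alice = new AppUser { Username = "alice", PasswordHash = "stub:pw1" };
        var bob = new AppUser { Username = "bob", IsLdap = true, PasswordHash = "" };
        var auth = new AuthService(n => n == "alice" ? alice : n == "bob" ? bob : null,
            (pw, hash) => hash == "stub:" + pw,
            (n, pw) => n == "dave" ? throw new TimeoutException() : Task.FromResult(pw == "dirpw"),
            ex => Console.Error.WriteLine("auth error: " + ex.GetType().Name));
        // alice: local hash; bob: LDAP user, stored "" is never compared; carol: first LDAP login; dave: outage
        foreach (var (name, pass) in new[] { ("alice", "pw1"), ("bob", ""), ("carol", "dirpw"), ("dave", "dirpw") })
            Console.WriteLine(name + ": " + (await auth.AuthenticateAsync(name, pass) != null));
    }
}
```

Because every failure collapses to `null`, the controller can show the same "username or password invalid" message in all cases instead of passing `ex.Message` to the login form.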

