User1209142922 posted
Hi Guys,
I have to deal with an existing MVC4 application's authorization code. The code relies on the ASP.NET IPrincipal, and the class goes like this:
using System;
using System.Security.Principal;

public class CustomPrincipal : IPrincipal
{
    public IIdentity Identity { get; set; }
    public CustomPrincipalModel CustomPrincipalModel { get; set; }

    // IPrincipal.IsInRole takes the role name being checked.
    public bool IsInRole(string role)
    {
        // Authorization code logic comes here: the role is checked against the
        // access levels and permissions held in CustomPrincipalModel.
        if (CustomPrincipalModel == null) return false;
        return (CustomPrincipalModel.AccessLevels != null && Array.IndexOf(CustomPrincipalModel.AccessLevels, role) >= 0)
            || (CustomPrincipalModel.Permissions != null && Array.IndexOf(CustomPrincipalModel.Permissions, role) >= 0);
    }
}

[Serializable]
public class CustomPrincipalModel
{
    public int id { get; set; }
    public int age { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public string[] AccessLevels { get; set; }
    public string[] Permissions { get; set; }
}
Just an overview of the above. The class for the authorization functionality is given above. In the Login() function the "CustomPrincipalModel" is set with the required values, i.e. the roles and permissions, then encrypted using FormsAuthentication.Encrypt
and stored as UserData in the authorization cookie. The code is working fine. The IsInRole() function checks the user's authorization on each request from HttpContext -> CustomPrincipalModel access levels and permissions.
We have a new requirement
1: To store new levels of information in CustomPrincipalModel. When we added that information as properties, the authorization cookie exceeded the 4096 limit. This is an issue. We are thinking of storing the session, i.e. the custom principal, in Redis Cache in Azure.
Please share your thoughts on this?
2: We have another requirement to integrate other types of authentication like Google, Twitter, Facebook etc. into this IPrincipal. Right now the login screen has just username/password fields, authenticated against a database, and then the authorization
cookie is set. In case we integrate other forms of authentication, what is the recommended approach in this scenario? Could you please share your thoughts on this?
3: We are storing the Access Levels and Permissions as just pure strings, e.g. Read, Write, Recursive and so on. Are there any other good types for handling user permissions?
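The following is an added example, not code from the original post or its application, illustrating the server-side session idea behind requirement 1 together with a typed representation of permissions for requirement 3. The forms-authentication ticket's UserData holds only a random session key; the full CustomPrincipalModel is kept in a server-side store under that key, so the cookie never grows with the model. The IPrincipalStore interface, the InMemoryPrincipalStore stand-in, the PrincipalSession helper and the Permission enum values are assumptions made for this example; a Redis-backed store would implement the same interface.

```csharp
// Added example (not code from the original post). The forms ticket's UserData
// carries only a random session key; the full CustomPrincipalModel lives in a
// server-side store under that key. Permissions are a [Flags] enum instead of
// free strings. IPrincipalStore, InMemoryPrincipalStore and PrincipalSession
// are assumptions for this example; a Redis-backed store would implement the
// same interface with a string set/get and an expiry.
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

[Flags]
public enum Permission { None = 0, Read = 1, Write = 2, Recursive = 4, Delete = 8 }

[Serializable]
public class CustomPrincipalModel
{
    public int Id { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public string[] AccessLevels { get; set; }
    public Permission Permissions { get; set; }
}

public interface IPrincipalStore
{
    void Save(string key, CustomPrincipalModel model, TimeSpan ttl);
    CustomPrincipalModel Load(string key);   // null when missing or expired
    void Remove(string key);
}

// In-memory stand-in so the example compiles without Redis.
public class InMemoryPrincipalStore : IPrincipalStore
{
    private class Entry { public CustomPrincipalModel Model; public DateTime Expires; }
    private readonly ConcurrentDictionary<string, Entry> _items = new ConcurrentDictionary<string, Entry>();

    public void Save(string key, CustomPrincipalModel model, TimeSpan ttl)
    {
        _items[key] = new Entry { Model = model, Expires = DateTime.UtcNow.Add(ttl) };
    }

    public CustomPrincipalModel Load(string key)
    {
        Entry e;
        if (!_items.TryGetValue(key, out e)) return null;
        if (e.Expires <= DateTime.UtcNow) { Remove(key); return null; }   // expired: drop it
        return e.Model;
    }

    public void Remove(string key) { Entry ignored; _items.TryRemove(key, out ignored); }
}

public class CustomPrincipal : IPrincipal
{
    public CustomPrincipal(IIdentity identity, CustomPrincipalModel model) { Identity = identity; Model = model; }
    public IIdentity Identity { get; private set; }
    public CustomPrincipalModel Model { get; private set; }

    // [Authorize(Roles = "...")] ends up here; accept an access-level string or a Permission name.
    public bool IsInRole(string role)
    {
        if (Model.AccessLevels != null && Array.IndexOf(Model.AccessLevels, role) >= 0) return true;
        Permission p;
        return Enum.TryParse(role, true, out p) && HasPermission(p);
    }

    // Every bit in 'required' must be set; None never grants anything.
    public bool HasPermission(Permission required)
    {
        return required != Permission.None && (Model.Permissions & required) == required;
    }
}

public static class PrincipalSession
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30);
    public static IPrincipalStore Store = new InMemoryPrincipalStore();   // swap for a Redis implementation

    // Login(): persist the model server-side and put only the key in the ticket.
    public static HttpCookie CreateAuthCookie(string userName, CustomPrincipalModel model)
    {
        var bytes = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(bytes);
        var key = Convert.ToBase64String(bytes);                 // 256 random bits: unguessable session key
        Store.Save(key, model, Lifetime);                        // store TTL matches the ticket lifetime
        var ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.Add(Lifetime), false, key);
        return new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
            { HttpOnly = true, Secure = FormsAuthentication.RequireSSL };
    }

    // Application_PostAuthenticateRequest: rebuild the principal from the store, or
    // return null (anonymous) if the ticket is bad or the store entry is gone.
    public static IPrincipal FromRequest(HttpRequest request)
    {
        var cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null) return null;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return null; }                       // tampered or undecryptable ticket
        if (ticket == null || ticket.Expired) return null;
        var model = Store.Load(ticket.UserData);
        if (model == null) return null;
        return new CustomPrincipal(new GenericIdentity(ticket.Name, "Forms"), model);
    }

    // Logout(): dropping the store entry invalidates the session even if the cookie is replayed.
    public static void Invalidate(FormsAuthenticationTicket ticket) { Store.Remove(ticket.UserData); }
}
```

Two design points worth noting. Because the cookie carries a random key rather than the data, the ticket stays a fixed size no matter how many properties the model gains, and removing the key from the store at logout revokes the session server-side, which the encrypted-UserData approach cannot do. With StackExchange.Redis, the Save/Load pair maps onto IDatabase.StringSet with an expiry and IDatabase.StringGet over a serialised form of the model. The same shape also leaves room for the external-login requirement: an OAuth callback from Google, Twitter or Facebook would populate a CustomPrincipalModel from the provider's identity and call CreateAuthCookie in the same way the database login does, with the GenericIdentity authentication type recording which provider was used.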