FAQ Database Discussion Community


About windows authentication

asp.net-mvc,asp.net-mvc-4,authentication,asp.net-authorization,asp.net-authentication
I enabled windows authentication for asp.net mvc project. I'm in company domain, and when I send an get request to server side, I don't see any special stuff like username/pwd in header/body. How does server know who am I? And if I send an ajax call to server, do I...

getting Roles that already set to custom Authorization attribute?

asp.net,asp.net-authorization,asp.net-authentication,custom-authentication
I customized the authorize attribute of Asp.Net but I do not know how to get the roles which I set to the attribute when I set the attribute to a method or class For example I have this CustomeAuthorizeAttribute [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)] public class CustomeAuthorizeAttribute : AuthorizeAttribute { protected override...

Conditional OR with AuthorizationFilterAttributes in ASP.NET Web API 2

c#,asp.net,asp.net-web-api,asp.net-authorization
I am writing a controller action that can be accessed by one of two groups of users; each group has it's own implementation of AuthorizationFilterAttribute containing custom logic defining how the group be authorized. I want to be able to use a conditional OR to determine that at least one...

Users in Multiple Organizations with Different Roles

asp.net-mvc,security,claims-based-identity,asp.net-authorization
I'm fairly new to setting up security for websites and am having trouble finding the correct architecture/design/pattern/best practice for the type of authentication/authorization I am needing in a .NET MVC environment. I don't even know what to call it in order to do more research. Below is an example of...

Storing hash of username using ASP.NET identity

owin,asp.net-identity-2,asp.net-authorization
I'm writing an application which needs to have personally identifiable information removed/absent at all times from the database. Given that someone may use their real name in their username, and that an email address may be present in their AspUserIdentity records, I have decided one solution might be to hash...