kidwellj/findcommonground.uk
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Code highlighting

Browse source
This commit is contained in:
Robert Fitch 2016-04-13 11:35:47 +02:00
parent da60856dee
commit 33adeef6c5
1 changed files with 11 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md
View file

@ -69,7 +69,7 @@ The App ID URI and the On-Premises Authority URL are stored in the <appSettings>
And the OWIN-Code to specify the on-premise authentication is in Startup.Auth.cs: And the OWIN-Code to specify the on-premise authentication is in Startup.Auth.cs:
``` csharp ``` csharp
public partial class Startup public partial class Startup
{ {
private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"]; private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
@ -86,7 +86,8 @@ And the OWIN-Code to specify the on-premise authentication is in Startup.Auth.cs
MetadataAddress = adfsMetadata MetadataAddress = adfsMetadata
}); });
} }
} }
```
# Configure the On-Premise Identity Server (Job for IT) # # Configure the On-Premise Identity Server (Job for IT) #
@ -146,12 +147,12 @@ Because we have configured the outgoing claims to include a role for every group
You may create a controller with the Authorize attribute like this: You may create a controller with the Authorize attribute like this:
``` csharp ``` csharp
[Authorize] [Authorize]
public class RoleController : Controller public class RoleController : Controller
{ {
} }
```
The **Authorize** attribute forces the user to be logged in before any requests are routed to this controller. The log in dialog will be opened automatically if necessary. The **Authorize** attribute forces the user to be logged in before any requests are routed to this controller. The log in dialog will be opened automatically if necessary.
@ -159,7 +160,7 @@ It is also possible to use the **Authorize** attribute not on the entire control
Once inside a controller (or method) requiring authorization, you have access to the security Information of the user. In particular, you can check membership in a given role (group) like this: Once inside a controller (or method) requiring authorization, you have access to the security Information of the user. In particular, you can check membership in a given role (group) like this:
``` csharp ``` csharp
if (User.IsInRole("_Architects") if (User.IsInRole("_Architects")
{ {
// do something // do something
@ -168,16 +169,17 @@ Once inside a controller (or method) requiring authorization, you have access to
{ {
// do something else // do something else
} }
```
Within a cshtml file, you may also want to react to user membership in a certain role. One way to do this is to bind the cshtml file to a model class which contains the necessary boolean flags. Set those flags in the controller, e.g.: Within a cshtml file, you may also want to react to user membership in a certain role. One way to do this is to bind the cshtml file to a model class which contains the necessary boolean flags. Set those flags in the controller, e.g.:
``` csharp ``` csharp
model.IsArchitect = User.IsInRole("_Architects"); model.IsArchitect = User.IsInRole("_Architects");
```
Pass the model instance to the view, then evaluate those flags in the cshtml file: Pass the model instance to the view, then evaluate those flags in the cshtml file:
``` csharp ``` csharp
@if (Model.IsArchitect) @if (Model.IsArchitect)
{ {
<div style="color:#00ff00"> <div style="color:#00ff00">
@ -190,5 +192,6 @@ Pass the model instance to the view, then evaluate those flags in the cshtml fil
<text><b>No, you are not in the Architect group.</b></text> <text><b>No, you are not in the Architect group.</b></text>
</div> </div>
} }
```
Instead of using flags within the data binding model, it may be easier to have the controller just assign a property to the ViewBag and evaluate the ViewBag in the cshtml file. Instead of using flags within the data binding model, it may be easier to have the controller just assign a property to the ViewBag and evaluate the ViewBag in the cshtml file.