What authorization method is better to choose?

J

jammywork12015-03-11 09:06:18

ASP.NET

jammywork1, 2015-03-11 09:06:18

The problem is understanding how to use authorization in asp.net mvc. Over the course of a couple of weeks, I read about a wide variety of options, from providers that were used to simpleMembershipProvider and ending with Identity.
The essence of the problem is that I have a specific type of authorization through a closed internal service. I have to provide authorization on my project by linking it to an internal service.
And there are no problems with this, I log in there, forward the values from the form, I get a token.
The question is how would I indicate that the user is already authorized?
Give him cookies? override AutorizeAttribute?
I don't know how to do it better, I'm confused in so many implementations ...
Also, where are the Claims that I attribute to the user when I perform SignIn are stored?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

G

geniy111, 2015-03-19
@jammywork1

Why reinvent the wheel if there is ASP.NET Identity.
Your backend service is very similar to an OAuth server.
In any case, use a bunch of cookies (for authorization) + OAuth (or whatever you have there, for authentication).
Regarding Claims - they are part of Identity. You yourself can decide where and how to save them (you want them in cookies, you want them in the database).