We are currently starting to use MVC and are now looking at authentication. .net Authentication isn't necessarily our strongest point, so looking for some advise or pointers.
Our current set up:-
- Basic Windows authentication
- system uses the authenticated user to query a 3rd party system to get their current roles
- these roles are then stored in session variables and used when ever authorisation is required
- Any additional user details are called upon as and when needed from various tables
What we'd like to achieve :-
- Basic Windows authentication (perhaps create a forms authentication cookie on the back of it)
- System users the authenticated user to query 3rd party system to get their current role/s,
- These roles are stored within the cookie, and can be accessed via User.Roles etc
- Any additional user details (i.e. user favourite colour) will be called on authentication and store against the user profile. The additional user details will be stored in a single table as key value pairs.
Is this the correct way to go about this? we're struggling to find any samples etc to match the scenario we are after.
unfortunately, we need to use this 3rd party system to access the roles, this is achieved via a web service call.
Are there any new advances with MVC 4 which could greater handle authentication with additional user details? any help, or advise would be greatly appreciated. :)