I'm building an intranet type site with ASP.NET 5 that uses Windows Authentication. I have the authentication working, but I don't want everyone on the domain to have access to the intranet site. I can't use domain roles so I've set up my own custom roles in my SQL Server. I have a table that maps the domain username to roles. I want to restrict access to the intranet site to only users that have a role defined in my SQL Server role table. How would I set up custom roles for Windows Authentication in ASP.NET 5? Thanks!
Asp.net-mvc – ASP.NET 5 Custom roles for Windows Authentication
asp.netasp.net-coreasp.net-mvcauthenticationwindows-authentication
Best Answer
You don't set up custom roles. You need to create a custom authorization attribute, as described here.
UPDATE:
Yes, you can use your custom authorize attribute globally. Let's say here's your custom authorize attribute:
Then, you can either use it at the Action level or Controller level like this:
Or, you can register it as a global filter in your FilterConfig class under the App_Start folder, like this: