I am trying to write an ASP.NET MVC application which is a frontend to our CRM which has a SOAP web service. I would like the user to log in to my web application using their CRM username and password, and then authenticate against CRM, make web service calls on the pages etc.
I started to look at using Forms Authentication and implementing a custom membership provider – I can implement all the methods I need to like ValidateUser(), but the problem I have is that after logging in to the CRM web service you are given a token which has to be passed with every subsequent web service call, and I am not sure where I can store this.
So my questions are:
- Is Forms Authentication the way to go here, or is it going to be more straightforward to handle all of the authentication myself and store the token in Session?
- If Forms Authentication is the way to go, where and how should I store additional information like this? It seems like using Forms Authentication but then ramming a load of additional information (which is related to authentication) into a cookie or session outside this would be a bit of a mess?
Any advice would be appreciated.
Best Answer
You can store the authentication token in the userData part of the forms authentication cookie. This way it will be available on each request.
So for example once you verify the credentials of a user you could query the web service to obtain the token and manually create and emit the forms authentication cookie:
Then you could write a custom authorize attribute which will read this information and set a custom generic identity:
Finally decorate your controllers/actions that require authentication with this attribute:
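An added example of the approach the answer describes, not the answerer's own code: the CRM token travels in the userData field of an encrypted, signed forms authentication ticket, and a custom authorize attribute restores it on each request. The names CrmIdentity, CrmTicket and CrmAuthorizeAttribute and the 20-minute lifetime are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical identity type that carries the CRM token for the current request.
public class CrmIdentity : GenericIdentity
{
    public string CrmToken { get; private set; }
    public CrmIdentity(string name, string crmToken) : base(name, "Forms") { CrmToken = crmToken; }
}

public static class CrmTicket
{
    // Call after the CRM web service has accepted the credentials and returned a token.
    public static void Issue(HttpResponseBase response, string username, string crmToken)
    {
        var ticket = new FormsAuthenticationTicket(
            1, username, DateTime.Now,
            DateTime.Now.AddMinutes(20),   // assumption: keep at or below the CRM token lifetime
            false,                         // session cookie, not persisted to disk
            crmToken,                      // userData
            FormsAuthentication.FormsCookiePath);
        // Encrypt() encrypts and signs the ticket with the machineKey (protection="All" is the default).
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,   // keep the ticket out of reach of page script
            Secure = true,     // send only over HTTPS
            Path = FormsAuthentication.FormsCookiePath
        };
        response.Cookies.Add(cookie);
    }
}

public class CrmAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var cookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return false;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return false; }   // tampered or undecryptable cookie
        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.UserData)) return false;
        httpContext.User = new GenericPrincipal(new CrmIdentity(ticket.Name, ticket.UserData), new string[0]);
        return true;
    }
}
```

A controller or action marked with [CrmAuthorize] can then read ((CrmIdentity)User.Identity).CrmToken when calling the CRM web service. Because the token's confidentiality rests on the machineKey, every server in a farm needs the same key and it should be protected like any other credential.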