I am using Windows authentication in my application. I am using ASP.NET MVC3 with Entity Framework. I have a list of menu items, which are buttons. I am displaying them using a sitemap. I am able to hide or show those buttons using the roles available in Active Directory. I have two issues:
1) If I log in as a basic user (some of the buttons are not visible to me), which is what I want, but if I type a Controller/Action (this page should be invisible to me) in the browser, it loads up.
Solution:
I am checking the user and its role in the first line of the action; if I am authorised to see it, then I display it, otherwise I redirect to another page. It is taking time to authenticate a user from Active Directory.
2) If I log in as a basic user and try to see an action that has been authorised for a super user, it still displays (when I manually type the controller and action name).
Solution:
I am checking the user and its role in the first line of the action; if I am authorised to see it, then I display it, otherwise I redirect to another page. It is taking time to authenticate a user from Active Directory.
Clarifications:
I can use the Authorize attribute with roles, and I am thinking this is only for ASP.NET Membership, and hence it does not seem to work, as my roles are coming from the Active Directory in the system.
Question:
Could anyone point me to a solution where, instead of checking the permissions on each view, I could do that in the Global.asax file? If I can authenticate the user once when he logs in, I don't need to authenticate him for other views.
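
An added example, not part of the original post: one way to enforce the role check server-side as an MVC authorization filter instead of inside each action, caching the Active Directory group lookup per user. Under Windows authentication `User.IsInRole` checks Windows/AD group membership. The class name, the `CONTOSO\SuperUsers` group, the `Home/AccessDenied` route and the 10-minute cache lifetime are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Caching;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical filter. Usage on a controller or action:
//   [AdRoleAuthorize(Roles = @"CONTOSO\SuperUsers")]   // constructed group name
// To require authentication everywhere, register it once in Global.asax:
//   filters.Add(new AdRoleAuthorizeAttribute());        // in RegisterGlobalFilters
public class AdRoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated) return false;

        var required = (Roles ?? "")
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim()).ToArray();
        if (required.Length == 0) return true;   // no role named: any authenticated user

        foreach (var role in required)
        {
            // Cache key is per user and per role, so results never leak across users.
            string key = "adrole:" + user.Identity.Name + ":" + role;
            object cached = httpContext.Cache[key];
            bool inRole;
            if (cached != null)
            {
                inRole = (bool)cached;
            }
            else
            {
                inRole = user.IsInRole(role);     // resolves the Windows/AD group
                // Trade-off: a membership change can take up to 10 minutes to apply.
                httpContext.Cache.Insert(key, inRole, null,
                    DateTime.UtcNow.AddMinutes(10), Cache.NoSlidingExpiration);
            }
            if (inRole) return true;
        }
        return false;                             // deny by default
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Redirect rather than return 401, which would re-prompt for Windows credentials.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(
            new { controller = "Home", action = "AccessDenied" }));  // hypothetical route
    }
}
```

Because the filter runs before the action executes, a URL typed directly into the browser is checked the same way as one reached through the menu; hiding the button is then only a display choice.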