AuthorizeAttribute v Application_AuthenticateRequest
https://stackoverflow.com/questions/8837119
-
27-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
We want to authorize users and if they are authorized we want to add their roles and permissions to the user and add that to the IPrinciple
We have 2 ways of doing this one is to do it in global.asax Application_AuthenticateRequest the other is to create an attribute that inherits from AuthorizeAttribute
Is there any gleaming good choice here?
Solution
In ASP.NET MVC you should prefer a custom authorize attribute. If on the other hand you want this code to be reusable with classic ASP.NET applications then you could use Application_AuthenticateRequest or write a custom HttpModule and use the AuthenticateRequest event.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
