Mixing Windows Authentication with Claims

Question

I feel like I might be going down the wrong route here, and was hoping someone would be able to do a little course correcting!

I'm creating a web app which uses Windows Authentication. However, I wish to assign custom claims/roles to specific windows users, which I'm planning on storing in a SQL database.

I thought a way to do this would be to enable Windows Authentication in the web.config of my app, but to add an AuthenticationManager from WIF which can add custom claims (which come directly from the database) to the principal/identity. Then an AuthorizationManager would handle authorization to specific controller actions.

The problems I'm having right now is that my Authentication and AuthorizationManagers aren't being called. I'm not sure what I'm missing (they're registered in the web.config), but I suspect maybe it's because I'm using Windows Authentication...? Additionally, my Authorize attributes aren't calling the AuthorizationManager, possibly because I need to create a new attribute.

Is this a viable route to go down, or should I be looking at creating a custom RoleProvider instead?

Answer 1

The ClaimsAuthenticationManager is not called automatically - the FAM calls it.

That said - you can call it yourself, e.g. in Post_AuthenticateRequest and then set a cookie using the SAM. Thats totally doable.