Question

I am at the beginning of writing an ASP.NET MVC application that will use Active Directory authentication.

I don't want the users to have to log in; I want the ability to authenticate the user from their domain credentials and assign them roles.

I want to be able to assign roles to AD Users and AD groups using some kind of Admin views.

Are there any resources that deal with this?

Most importantly I want to be able to link the domain credentials with a User table in my application (it is essentially a Helpdesk Ticket application). How can I successfully link a user in my application DB to a Windows Authenticated account?

Thanks

Please ask for clarification if this does not make sense.

MVC 4 Intranet Authentication with Custom Roles

This seems to be a good resource, but any advice would be great.


Solution

Windows Authentication will verify the user exists on the AD. If you want to verify they exist in your user table, you can use a CustomAttribute (I'm using the EntityFramework):

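using System.Linq;
using System.Web;
using System.Web.Mvc;

public class AuthorizeDB : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Reject requests that carry no authenticated Windows identity.
        if (httpContext == null || httpContext.User == null
            || !httpContext.User.Identity.IsAuthenticated)
            return false;

        // Identity.Name arrives as Domain\Username.
        var name = httpContext.User.Identity.Name;

        // MVC caches filter attribute instances across requests and DbContext is
        // not thread-safe, so create a context per call instead of a shared field.
        using (var db = new ProjectDB())
        {
            return db.Users.Any(u => u.UserName == name);
        }
    }
}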

and decorate your classes with [AuthorizeDB] or set it for the entire application. The User.Identity.Name will come in as Domain\Username.

If you're using custom Roles within your application, it should be about the same as any other type of authentication. Link a user with a role and then validate the roles they are in.
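An added example, not part of the original answer, of the role check described above: the attribute looks up the Windows account name in the application database and requires one of the roles named on the attribute. The `HelpdeskDb`, `AppUser` and `AppRole` types and the Entity Framework many-to-many mapping are hypothetical assumptions, not the asker's or answerer's schema.

```csharp
using System.Collections.Generic;
using System.Data.Entity;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical schema (assumption): each application user row stores the Windows
// account name ("DOMAIN\username") and is linked to a set of application roles.
public class AppRole { public int Id { get; set; } public string Name { get; set; } }
public class AppUser
{
    public int Id { get; set; }
    public string UserName { get; set; }
    public virtual ICollection<AppRole> Roles { get; set; }
}
public class HelpdeskDb : DbContext { public DbSet<AppUser> Users { get; set; } }

public class AuthorizeDbRole : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var principal = httpContext == null ? null : httpContext.User;
        if (principal == null || !principal.Identity.IsAuthenticated) return false;

        // Roles is the comma-separated string set on the attribute.
        var required = (Roles ?? "").Split(',').Select(r => r.Trim())
                                    .Where(r => r.Length > 0).ToArray();
        var name = principal.Identity.Name;

        // One context per call: filter instances are reused across requests.
        using (var db = new HelpdeskDb())
        {
            var user = db.Users.Where(u => u.UserName == name);
            return required.Length == 0
                ? user.Any()                                   // known user, any role
                : user.Any(u => u.Roles.Any(r => required.Contains(r.Name)));
        }
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A 401 makes the browser prompt for Windows credentials again; a user who
        // is authenticated but lacks the role gets 403 instead.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Applied as `[AuthorizeDbRole(Roles = "Admin,Technician")]` (constructed role names), the check depends only on rows in the application database, so an admin view that edits those rows changes access without touching AD.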

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow