ASP.NET MVC multiple distinct groups of users - authorization/authentication

Question

I have done a lot of research on trying to accomplish this, but I have not really found a clear cut "best way" to accomplish this. I am working on an application that has many distinct groups of users, essentially it allows multiple companies to use the same application - very much like Google apps. Here is an example of what I mean:

In Google Apps - user goes to mail.company.com -> they are redirected to mail.google.com/a/company.com.

I understand how to use CNAME records and can pull the host from the domain once it has been redirected to my app so that my app would translate the URL to my.app.com/company.com. Also, all of my routes have been configured to take a {companyURL} attribute.

So the issue now becomes, how do I provide "dynamic" role checking? It seems that it would be easy enough to create a custom role provider that sets the user's company name and other roles withing that company, but I don't know how to get the {companyURL} to the authorization filter. Is it possible to have a dynamic variable in the authorization filter or do I have to check this inside each controller/action (using some function)? Or is there another method to accomplish this that perhaps I have not thought of yet?

Thanks

Answer 1

I would go with a custom role provider class, or a custom IAuthenticationFilter if you already have roles defined in another system.