I am creating an MVC web site, and I have to mix form authentication (built-in authentication) with Twitter Authentication My site (ultimately it will also have Facebook / Google authentication).
The approach I am taking is this: - I argue that creating users and users / different thinking. - I have created a new user table where I save the user's name, the user's ID in my site and the authentication service of that user ("Form", "Twitter", "Facebook"). - When a user logs in to use any authentication methods, then I create a standard authentication cookie, add User ID to the user ID and authentication service of the cookie.
Now, I want the user to be able to log in after the browser is closed, there is nothing that is used to login the user. With this I mean, if the user reopens the site, then he will not have to authorize Twitter on the site. Now, with access to cookies, MVC loads user information from the cookie and when the user enters the site, I think what he really wants.
The problem is that if the user uses my site, the user's authentication cookie will still be valid, and the user will appear as a login, even if the authorization for my site was canceled.
My question is, is there any way to validate the authorization in the moment, loads information from the MVC authorization cookie? I know that I can use custom authorization and authorize it on the standard method, but it will only apply when the user is accessing the action math which requires authentication.
Thank you for your help.
/ Div>
which implements IHttpModule and HttpApplication.AuthorizeRequest handles events.
Comments
Post a Comment