c# - Cookie-less temporary authentication in ASP.NET MVC -


at moment i'm working asp.net mvc 5 , new identity 2 framework authentication , authorization. based on these principals implemented custom claim-based system able check if user action permitted passing area , action (e.g area reservation , action create).

now have requirement extend system using in multi-tenant application differentiate tenants url sub path. (e.g. https://www.mydomain.com/tenant1/{controller}/{action}.

the identity framework imho not able set cookies based on specific url sub path. on every place tried hook in , set cookie path failed.

the second use case have, granting user temporary set of actions without need logout afterwards. should work if cookies disabled.

i decided rewrite authentication system scratch fulfill needs. whats best way implement cookie less temporary login. story: user wants place reservation. therefore must authenticated navigate through wizard (2 or 3 async server requests). after finishing wizard user must logged out without interaction. created tokens must invalidated (used kiosk mode).

what kind of principles , best practices exists scenario? , experience similar use case?

look @ membershipreboot project. supports multi-tenant mode out of box. membershipreboot

writing custom authentication framework last thing should do, unless primary business.


Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more