Mixing windows & forms authentication

I came across a situation today where I needed to mix two different authentication types on ASP.net MVC 4 application. The reason for this being that the client requirements, that although they use Active Directory they did not want to manage roles and responisbilities in an application through Active Directory. They still wanted the ability for administrators defined in an application to manage roles and access.

I experimented a little on how to achieve this, and the following is a solution I came up with.

I created an ASP.net MVC 4 application and enabled it with Windows Authentication. I then created a class within the application to inherit from the WindowsPrincipal.

I also created a Principal Serializable model class, which we will use to serialise the data to JavaScript

I created an interface for a basic security service  that will be used to get the role data from the database.

The concrete implementation of the class, is a really simple class that just gets some values from the database. I used the repository pattern for this.

We’ll be using Unity as IOC container, so just some simple Set up ocde to set up our dependencies i.e. Security Service and Repositories, so we’ll just wire up unity


In the Global asax I implemented the code within the WindowsAuthentication_OnAutenticate method

I also implemented a Security Attribute

This code is not entirely production ready at this point, and I still need to put it through some more tests.

Gary Woodfine

Freelance Full Stack Developer at threenine.co.uk
Helps businesses by improving their technical proficiencies and eliminating waste from the software development pipelines.

A unique background as business owner, marketing, software development and business development ensures that he can offer the optimum business consultancy services across a wide spectrum of business challenges.

Affiliate Disclaimer

Disclosure: Please note that some of the links included in the blog posts are affiliate links, which means I will earn a commission if you decide to make a purchase.

I only include affiliate links to products, services and companies that I have personal experience and have actually used. I only recommend them because they are helpful and useful, not because of the small commissions I make if you decide to buy something.

Please do not spend any money on these products unless you feel they are relevant, suitable and will help you achieve your goals.

Buying anyone of these products and the commisions earned will not make me an overnite multi millionaire, but they will help to cover the hosting costs and compensate for the countless hours and effort I put in to create meaningful and valuable free content I provide to help others succeed.

You've also undoubtedly noticed that I also use various advertising networks - unless of of course you're using an Ad blocker, this is also an attempt to reduce my monthly deficit I experience in providing free relevant, valuable and on occassion insightful content for the benefit of others.

I only really make some money if people click on the ads, unless of course you consider 1c per 1000 impressions real money!

Bear in mind just how many impressions I need to make before I can cover my £20 hosting costs a month!

If you are using an adblocker and guilt stricken you can of course donate using any of the buttons below, but I won't be holding my breath.

Buy me a coffeeBuy me a coffee