We are developing an MVC 5 app for use by members of staff, all having domain accounts. We wish to integrate security with Active Directory such that only members of ten specific security groups can use the application.
Additionally, members of four of the ten security groups have a requirement where they must also authenticate using two-factor authentication. Our vendor for this is Duo Security.
In a previous WebForms version of the app, we used session variables to flag if the user was authenticated and referenced this in each server call before processing the request. We would like to move towards a more elegant solution but are unsure of the best way to proceed.