How to perform one time action on first login using ASP.NET MVC5 Windows Authentication -

i creating web application using asp.net mvc5 framework 'windows authentication' - i.e. creating intranet application authenticating users against active directory.

when new user defined in company's active directory, i'd need catch first login , redirect him onto profile page, user prompted fill info.

i able catch user's first login simple database, if user has here own record in table. if not, user here first time , can create him such record.

here comes deal - after extensive searching through possibilities seems "reasonable" way how via custom authenticationfilter - put db check logic into

onauthenticationchallenge(authenticationchallengecontext filtercontext) 

method.

the reason why put "reasonable" quotes on 1 hand, approach fits mvc philosophy - mean not 'hack' approach.

on other hand - since using windows authentication, there no login action in controller. user can type whatever 'www.mysite.com/controller/action' url , if not logged in, there no redirect login page, windows security box appears prompting credentials. means have register custom authentication filter globally cover controller/action patterns. mean db check performed each , every request - don't this. not sure how performance hit make, doesn't seem right design point of view.

the last thing i've tried use authentication filter catch 'unauthenticated' users , redirect them 'login' action - here found windows security box appearing before authentication filter fired, technically custom authentication filter never catches unauthenticated user.

so question - there better approach how step in logging process 1 time action? or can use have - i.e. globally registered authentication filter performing db check every request ?

thanks

finally have working solution this.

the problem:

mvc5 aps.net intranet application using windows authentication. after successful login against active directory want find out if user here first time , if so, create him record in application database.

the solution:

since @ end of day interested in authenticated , authorized users i've created globally registered action filter i.e. filter applied every single controller/action combination after successful authentication/authorization.

inside filter checking if current session has flag isnewsession set true. if so, performing check against application db. way if action filter invoked each request doing roundtrip database once - during user's first request.

the implementation:

public class dbcheckfilter : actionfilterattribute {     private appdbcontext db = new appdbcontext();      //we overriding onactionexecuting method since 1     //is executed prior controller action method     public override void onactionexecuting(actionexecutingcontext filtercontext)     {         //is new session         if (filtercontext.httpcontext.session.isnewsession)         {             //we storing users in db based on active directory             //guid - therefore need 'userprincipal' object             //instead of 'windowsprincipal' provided filtercontext             using (var principalcontext = new principalcontext(contexttype.domain))             {                 var principal = userprincipal.findbyidentity(principalcontext, filtercontext.httpcontext.user.identity.name);                  if (principal != null)                 {                     //finally perform db check                     if (!createuserindbifnew(principal.guid.value, principal.displayname))                     {                         filtercontext.result = new httpunauthorizedresult();                     }                 }                 else                 {                     filtercontext.result = new httpunauthorizedresult();                 }             }         }          base.onactionexecuting(filtercontext);     }