The service principal is used for saving application connection information in Active Directory so that an application can know where to connect to from anywhere in your network without having to manage locally stored settings. It is not used for authentication or authorization.
To perform authentication or authorization in MVC, you'll need something along these lines:
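```csharp
using System.DirectoryServices.AccountManagement;
using System.Web.Mvc;

namespace MyWebApp.Controllers
{
    public class MyLandingPage : Controller
    {
        public ActionResult Index()
        {
            if (!User.Identity.IsAuthenticated)
            {
                // RedirectToAction takes the controller name without the "Controller" suffix.
                return RedirectToAction("AuthenticationFailure", "Error");
            }

            using (var adContext = new PrincipalContext(ContextType.Domain))
            {
                Principal user = Principal.FindByIdentity(adContext, User.Identity.Name);
                if (user == null)
                {
                    // The account was not found in the directory: deny.
                    return RedirectToAction("AuthenticationFailure", "Error");
                }

                GroupPrincipal group = GroupPrincipal.FindByIdentity(adContext, "MyWebAppUserGroup");
                if (group == null)
                {
                    // The group does not exist: deny rather than fall through.
                    return RedirectToAction("AuthenticationFailure", "Error");
                }

                if (user.IsMemberOf(group))
                {
                    // Authorized: render the page.
                    return View();
                }
                else
                {
                    // Authenticated, but not in the required group.
                    return RedirectToAction("AuthenticationFailure", "Error");
                }
            }
        }
    }
}
```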
You'll need to add the reference to the DirectoryServices.AccountManagement dll.
***EDIT
Wait, I just confused Service Principals with Service Connections. Let me read up a bit and adjust the code.
***EDIT REDUX
If I am understanding what you are trying to do, you have configured an SPN to know where to connect. You don't use SPNs for authorization, so the above code still stands.
Additional Points:
Web applications are stateless so you will need to authorize the users with each web call.
For privilege-based menus, you can determine user permissions and add their permission level into a model that you pass to the view, and use that in the Razor view engine to include/exclude menus based on individual users.
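
The two additional points above, sketched as an added example that is not part of the original answer: an authorization filter that repeats the group check on every request, and a view model that carries a menu flag to Razor. `AdGroupAuthorizeAttribute`, `MenuModel`, `HomeController` and the group `MyWebAppAdminGroup` are hypothetical names; a domain-joined server with Windows authentication is assumed.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Web;
using System.Web.Mvc;

namespace MyWebApp.Security
{
    // Hypothetical filter: MVC runs it before every action it decorates,
    // so the membership check is repeated on each stateless web call.
    public class AdGroupAuthorizeAttribute : AuthorizeAttribute
    {
        public string Group { get; set; }

        public static bool IsInGroup(string userName, string groupName)
        {
            using (var ctx = new PrincipalContext(ContextType.Domain))
            using (var user = UserPrincipal.FindByIdentity(ctx, userName))
            using (var group = GroupPrincipal.FindByIdentity(ctx, groupName))
            {
                // Fail closed: unknown user or unknown group means no access.
                return user != null && group != null && user.IsMemberOf(group);
            }
        }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var principal = httpContext.User;
            return principal != null
                && principal.Identity.IsAuthenticated
                && IsInGroup(principal.Identity.Name, Group);
        }
    }

    // View model carrying the permission flag the Razor view needs.
    public class MenuModel
    {
        public bool ShowAdminMenu { get; set; }
    }

    [AdGroupAuthorize(Group = "MyWebAppUserGroup")]
    public class HomeController : Controller
    {
        public ActionResult Index()
        {
            // "MyWebAppAdminGroup" is a hypothetical second group.
            bool isAdmin = AdGroupAuthorizeAttribute.IsInGroup(User.Identity.Name, "MyWebAppAdminGroup");
            return View(new MenuModel { ShowAdminMenu = isAdmin }); // Razor: @if (Model.ShowAdminMenu) { ... }
        }
    }
}
```

Hiding a menu entry only changes what the user sees; the actions behind that menu need their own `[AdGroupAuthorize]` attribute so a direct request to the URL is rejected as well.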