Last post Feb 11, 2015 10:05 PM by Starain chen - MSFT
Feb 10, 2015 03:12 PM|wgwrightii2
I have an ASP.NET MVC application that I have created with VS 2013 Express. I have deployed the application in IIS using Windows authentication on a Windows domain. I have tried using the authorization attribute on actions in my controller as in the example.
Regardless of whether a user is in the supervisors group on the Dispatch domain or not they have access to this method. I have read several articles on this but I can't make it work.
[Authorize(Roles = "@Dispatch\Supervisors")]
Feb 10, 2015 03:14 PM|BrockAllen
Are you also using WebAPI in your project? Make sure this is the MVC [Authorize] and not the Web API [Authorize] -- you can tell by the different namespace it comes from.
Feb 10, 2015 03:27 PM|wgwrightii2
I am not sure. I went to New Project > ASP.NET Web Application > MVC > Change Authentication > Windows Authentication.
Feb 11, 2015 02:49 AM|Starain chen - MSFT
The value of Role should be @"Dispatch\Supervisors" instead of "@Dispatch\Supervisors".
There are some links that may benefit you:
# Authenticating Users with Windows Authentication (C#)
# AuthorizationAttribute with Windows Authentication in MVC
Feb 11, 2015 09:30 AM|wgwrightii2
Thanks for your reply. Actually I made a typo when I made this post. When I checked my code, it was correct. The first link you suggested I had already visited but I went through it anyway. Interesting item, they do not use the @ in the authorize attribute.
I tried changing my code to match theirs but it still lets everyone in. The second link may be a little advanced for me as I have only been using MVC for about 1.5 months. I will attempt it though but it seems like a lot of work for something that should just work from all of the articles I have read.
In the article James mentions adding a class designing the system role constant. It is unclear to me where this class needs to be created.
I also had the idea of creating another controller just for this one application where I need to restrict access and use NTFS permissions. So I did some testing and started removing the users listed on the NTFS security tab. Must work differently than I thought it did because I have removed everyone from the list and everyone can still access the controller.
Thanks again for your help!
Feb 11, 2015 10:05 PM|Starain chen - MSFT
The second article is used to customize authentication for special requirements.
Please check the current user’s role in the action.
# Roles.GetRolesForUser Method
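
Added example, not part of any post in this thread: a temporary diagnostic controller for checking what the server actually sees for the caller, next to an action protected with the MVC `[Authorize]` filter. The controller and action names are hypothetical; `Dispatch\Supervisors` is the group named in the thread.

```csharp
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Mvc;

// Hypothetical controller name, used only for this example.
public class AccessCheckController : Controller
{
    // Verbatim string: the backslash is literal, and the @ sits outside the quotes.
    private const string SupervisorsRole = @"Dispatch\Supervisors";

    // Fully qualified so the MVC filter is applied,
    // not System.Web.Http.AuthorizeAttribute from Web API.
    [System.Web.Mvc.Authorize(Roles = SupervisorsRole)]
    public ActionResult SupervisorsOnly()
    {
        return Content("Authorized as " + User.Identity.Name, "text/plain");
    }

    // Temporary diagnostic action: reports the caller's own identity and groups.
    // Remove it once the role check behaves as expected.
    public ActionResult WhoAmI()
    {
        IIdentity identity = User.Identity;
        var lines = new List<string>
        {
            "Name: " + identity.Name,
            "IsAuthenticated: " + identity.IsAuthenticated,
            "AuthenticationType: " + identity.AuthenticationType,
            "IsInRole(" + SupervisorsRole + "): " + User.IsInRole(SupervisorsRole)
        };

        // With Windows authentication the identity is a WindowsIdentity,
        // whose Groups collection holds the SIDs of the caller's groups.
        var windows = identity as WindowsIdentity;
        if (windows != null && windows.Groups != null)
        {
            foreach (IdentityReference sid in windows.Groups)
            {
                string name;
                try { name = sid.Translate(typeof(NTAccount)).Value; }
                catch (IdentityNotMappedException) { name = sid.Value; }
                lines.Add("Group: " + name);
            }
        }
        return Content(string.Join("\n", lines), "text/plain");
    }
}
```

If `IsAuthenticated` is false or `Name` is empty, the request reached the application without a Windows identity. If the group appears in the list under a different domain or spelling, the role string in the attribute is what needs to change.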