Reputation: 17074
WIF correlation with AuthorizeAttribute in MVC for access restriction to certain pages
In my MVC application I'm using WIF. I've added STS reference using Visual Studio built-in tool. FedUtil has generated some entries in web.config:
<microsoft.identityModel>
<service>
<claimsAuthenticationManager type="Social.Core.Security.RolesAwareClaimsAuthenticationManager, Social.Core" />
<audienceUris>
<add value="http://app.something.com/" />
</audienceUris>
...
As you can see, additionally I've written custom ClaimsAuthenticationManager to add some claims to those already received from STS.
Nevertheless, in the application I have restricted page:
public class ProfileController : BaseController
{
[Authorize]
public virtual ActionResult Index()
{
// restricted area
}
}
I've added AuthorizeAttribute on the restricted action. I need authentication only while entering app.something.com/profile/index. Unfortunately, now logon form shows while entering any part of the application, for example main page app.something.com.
How to correlate WIF authentication with AuthorizeAttribute and only authorize what I need ? Maybe I need to add app.something.com/profile/index somewhere in web.config or in STS ? Any clues ?
Upvotes: 0
Views: 478
Answers (1)
Reputation: 2873
When you run the Add STS reference, the wizard will add the authotization section and deny anonymous users. Remove that.
<authorization>
<deny users="?" />
</authorization>
Upvotes: 2
Related Questions
- ASP.NET MVC 2 and authentication using WIF (Windows Identity Foundation)
- Claim based security with MVC custom login page
- ASP.Net MVC Security AuthorizeAttribute
- ASP.NET MVC - use authorize attribute
- How Authorize attribute work in MVC3
- Adding Claims-based authorization to MVC 3
- ASP.NET MVC 3 AuthorizeAttribute
- How does WIF interact with [Authorize]?
- Windows Identity Framework on ASP.NET MVC - how to authorize user per action basis?
- Specialized Authorize attribute for asp.net mvc application