Reputation: 10226
How does WIF interact with [Authorize]?
I have an MVC3 application into which I'm integrating WIF. Before starting on this path I had decorated some of my controllers to require authentication, something along these lines:
namespace MyProject.Web.Controllers
{
[Authorize(Roles = "Admin,User")]
public class TestController : Controller
{
so as long as the controller wasn't decorated, a user would not get prompted for credentials. I've gotten the app to the point where I get a page with a list of choices for Google, Yahoo, Facebook and Windows Live for authentication but the trouble is I get that page regardless of what controller I hit (even just asking for / makes it pop up).
how is this supposed to work? is there any writeup out there (haven't found one yet) that discusses how WIF can protect some pages but not others?
TIA - e
Upvotes: 1
Views: 238
Answers (1)
Reputation: 84774
It sounds like WIF has it's own IHttpModule, which means it's already executed by the time your controller is hit.
It appears that this topic has been discussed before. I'd check out these resources:
- Stack Overflow: ASP.NET MVC 2 and authentication using WIF (Windows Identity Foundation)
- MSDN: Federated Identity with Multiple Partners (contains sample MVC integration)
Upvotes: 3
Related Questions
- ASP.NET MVC 2 and authentication using WIF (Windows Identity Foundation)
- Windows Identity Foundation sample MVC application
- ClaimsAuthorizationManager issues
- SessionAuthenticationModule with Windows Authentication
- Custom Authentication on Asp.Net 4.5 with WIF
- WSFederationAuthenticationModule v/s SessionAuthenticationModule
- Username and password authentication for WIF (Windows Identity Foundation) in ASP.NET MVC
- Windows Identity Foundation Active Authentication
- WIF correlation with AuthorizeAttribute in MVC for access restriction to certain pages
- dotnetopenauth versus WIF