How does WIF interact with [Authorize]?
I have an MVC3 application into which I'm integrating WIF. Before starting on this path I had decorated some of my controllers to require authentication, something along these lines:
namespace MyProject.开发者_如何学PythonWeb.Controllers
{
[Authorize(Roles = "Admin,User")]
public class TestController : Controller
{
so as long as the controller wasn't decorated, a user would not get prompted for credentials. I've gotten the app to the point where I get a page with a list of choices for Google, Yahoo, Facebook and Windows Live for authentication but the trouble is I get that page regardless of what controller I hit (even just asking for / makes it pop up).
how is this supposed to work? is there any writeup out there (haven't found one yet) that discusses how WIF can protect some pages but not others?
TIA - e
It sounds like WIF has it's own IHttpModule, which means it's already executed by the time your controller is hit.
It appears that this topic has been discussed before. I'd check out these resources:
- Stack Overflow: ASP.NET MVC 2 and authentication using WIF (Windows Identity Foundation)
- MSDN: Federated Identity with Multiple Partners (contains sample MVC integration)
精彩评论