Using Basic Authentication and Forms authentication on same site
Can anyone tell me, if it is possible to use both basic and forms authentication on my site without the 2 interfering with each other?
I have a new site that I want only certain people to see for approval purposes.
The site has a members area that uses Forms authen开发者_Go百科tication and now when anyone enters the site after passing basic authentication they are being directed to the forms authentication page, even though they should be viewing a page that isn't protected by forms authentication.
I need a situation whereby anyone who clears basic authentication can then view the whole site excluding the members area of the site where they will need to log in via forms authentication.
It sounds like you just haven't configured forms authentication for just the particular members area, but have it configured for everything.
Look at the authorization element and the location element (if you want to control the settings in the main Web.config, instead of creating a Web.config for the member's area).
See also ASP.NET Forms Authentication and a "No Authentication" subfolder (except you want the reverse).
One option is to write your own basic authentication filter attribute and protect the action that just require basic authentication with the custom attribute . The controller action which requires forms authentication should be protected with the normal [Authorize] attribute. Please refer the following example :-
http://www.ryadel.com/en/http-basic-authentication-asp-net-mvc-using-custom-actionfilter/
I had a similar issue in the past but was more along the lines of providing basic authentication for REST calls and form authentication when someone access the mvc site. We ended up creating our own authentication filter
精彩评论