Windows Identity Framework on ASP.NET MVC - how to authorize user per action basis?
Windows Identity Framework on ASP.NET MVC - how to authorize user per action basis?
Like:
[Authorize]
public ActionResult About()
{
return View();
}
Instead of the whole site level security as is the default WIF site integration behaviour?
UPDATE: Maybe should the question 开发者_C百科goes like, how to allow anonymous users to access the site too?
Well as it turns out, authorization element has to be properly set in web.config.
Default is something like:
<authorization>
<deny users="?" />
</authorization>
Which simply mean deny all anonymous users.
But in MVC it should be like:
<authorization>
<!--<deny users="?" />-->
</authorization>
Which mean allow all users, and leave application to handle the authentication.
So that mean default WIF setting have to be reverted:
From:
<authentication mode="None" />
To something like:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
That so, per action authorization in MVC works. Nice. :)
More on Authorization: http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx
You are able to configure site authentication model in Web.config
http://msdn.microsoft.com/en-us/library/aa291347(v=vs.71).aspx
精彩评论