This project is read-only.

Support for Authorize attribute

Apr 29, 2014 at 10:26 PM
I just attempted to add Active Directory role based authorization to my MvcCoderouting ApiController (.NET Framework 4.0) by decorating my actions with the [Authorize(Role=@"domain\ADgroup")] attribute.

I am in an Intranet environment (Domain controller/Web Server on Domain) and have checked my web.config for the following:
<authentication mode="Windows" />
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true">
      <clear />
      <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
The Authorize attribute appears to be completely ignored.
Apr 29, 2014 at 10:40 PM
To rule out possible AD config issues, I added a

if(User.IsInRole(@"domain\group")) {

code switch at the beginning of the action just to confirm that functions properly - it does.
Apr 30, 2014 at 12:29 AM
MvcCodeRouting doesn't do anything related to authorization.