MVC Role Authorization not working for windows accounts


I have a web app that will be used internally, and it authenticates via Windows authentication. <authentication mode="Windows" /> is in the web config.

I have two roles - All and One - which can access different pages in the app:

[HttpGet]
public ActionResult Home()
{
    return View();
}

[HttpGet]
[Authorize(Roles = "All")]
public ActionResult AllPage()
{
    return View();
}

[HttpGet]
[Authorize(Roles = "All, One")]
public ActionResult OnePage()
{
    return View();
}

Ideally, everyone can see the Home page, All can see the AllPage and the OnePage, and One can see only the OnePage and not the AllPage.

I have two users, AllUser and OneUser, each in their respective group. The problem is that no matter who is logged in, everything is unauthorized. The authorization never succeeds. I have tried quite a number of tutorials online for how to set this up, and none have worked. This really shouldn't be that complicated, but I can't get this to work for the life of me.

Things I have tried:

  • Specifying the domain in front of the group (i.e., Roles = "Domain\\All")
  • Setting up authorization in only the web config
  • Setting up authorization in both the web config and in the MVC controller

If anyone has some guidance or help on this, I will appreciate it greatly.

    There are 2 answers

    0
    cidthecoatrack On BEST ANSWER

    So I feel like a bit of an idiot. Turns out the issue wasn't with my code at all - it was with the person maintaining the AD groups. They gave me the wrong group names, which was why it never authenticated. Once I put in the correct group names, everything worked out.

    It is worth mentioning that because these were groups in an Active Directory environment, I did have to specify the domain in front of the group name - but other than that, the code was good. I had thought it was this simple, thus my frustration over why it wasn't working.
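The accepted answer comes down to a mismatch between the role strings in [Authorize(Roles = "...")] and the groups the Windows account really belongs to. The following is an added diagnostic example, not part of the original answer: it lists the groups of a Windows identity in DOMAIN\Group form and reports IsInRole for candidate role names. RoleDiagnostics and Describe are hypothetical names, and DOMAIN\All and DOMAIN\One are placeholders for the real AD group names.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Added diagnostic example; RoleDiagnostics and Describe are hypothetical names.
public static class RoleDiagnostics
{
    // Returns one line per group the identity belongs to, plus the IsInRole
    // result for each role name you plan to use in [Authorize(Roles = "...")].
    public static IList<string> Describe(WindowsIdentity identity, params string[] candidateRoles)
    {
        var lines = new List<string>();
        lines.Add("User: " + identity.Name + " (authenticated: " + identity.IsAuthenticated + ")");
        if (identity.Groups != null)
        {
            foreach (IdentityReference sid in identity.Groups)
            {
                try
                {
                    // Translate the SID to DOMAIN\GroupName, the form a role string must match.
                    lines.Add("Group: " + sid.Translate(typeof(NTAccount)).Value);
                }
                catch (IdentityNotMappedException)
                {
                    // SID cannot be resolved (deleted group, unreachable domain).
                    lines.Add("Group (unresolved SID): " + sid.Value);
                }
            }
        }

        // With Windows authentication the MVC user is a WindowsPrincipal, and the
        // Authorize attribute calls IsInRole once per comma-separated role name.
        var principal = new WindowsPrincipal(identity);
        foreach (string role in candidateRoles)
        {
            lines.Add("IsInRole(\"" + role + "\") = " + principal.IsInRole(role));
        }
        return lines;
    }

    public static void Main()
    {
        // Placeholders: replace DOMAIN\All and DOMAIN\One with the real group names.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            foreach (string line in Describe(current, @"DOMAIN\All", @"DOMAIN\One", "All"))
                Console.WriteLine(line);
        }
    }
}
```

Inside the web app, pass (WindowsIdentity)User.Identity to Describe from a temporary action available only to administrators, and compare the "Group:" lines with the names used in the Roles strings.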

    1
    Onur Gazioğlu On

    To enable role management check this link: http://www.codeproject.com/Articles/799571/ASP-NET-MVC-Extending-ASP-NET-Identity-Roles

    For windows authentication you need impersonation: https://msdn.microsoft.com/en-us/library/ff647405.aspx