Menu
I have an ASP.NET MVC app which is completely behind Forms Authentication. However there is one set of routes (/report/%) I need to force integrated windows authentication on, as those pages need to impersonate the current user (for security reasons).
If I set the whole site to integrated windows authentication this all works, except that firefox prompts users for the username/password twice as they hit the sites home page (once for windows authentication, then again for the forms authentication) whereas IE only prompts for forms authentication. This is fine and I know this is the default behavior of Firefox, however so as not to anoy users I've been asked to restrict the windows authentication requirement to only the /report/* section of the site, so they only get prompted if they go to any page within /report/%.
In ASP.NET WebForms this is easy enough as there is a physcial /report folder to place the authentication config on, but in MVC this URL is virtual, so I can't do this. Does anyone know a good way to do this? I've tried to create a "gateway" aspx page that users need to go through first before redirecting to the appropriate report page, and although Firefox does prompt the user for their windows credentials at the right point, it doesn't seem to keep sending those details for subsequent requests to any of the /report/% pages. Any ideas? Would be super grateful!
918
By default MVC apps use Form Authentication and Simple Membership, so you need to make it "false" to run Windows Authentication. Select the project name in Solution Explorer and then in the Property Explorer, click to enable Windows Authentication.
When you enable Windows authentication, your web server becomes responsible for authenticating users. Typically, there are two different types of web servers that you use when creating and deploying an ASP.NET MVC application.
Integrated Windows Authentication (IWA) is a built-in Microsoft Internet Information Services (IIS) authentication protocol that can be used to automatically authenticate and sign-in a user to EMS Web App. IWA is best used on intranets where all clients accessing EMS Web App are within a single domain.
Just recently I had to do something similar. I had a requirement of Forms Authentication for most of my asp.net MVC app, with one part that needed Windows Authentication.
What I ended up doing was to split my web app into two projects.
The first project was hosted in the root of the web site under IIS. This was running Forms Authentication.
The second project was hosted as a virtual directory of the same web site. This was running Windows Authentication.
The only tradeoff is that you may end up with a URL of /reports/reports/% (or whatever you name the virtual directory)
160
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
