In this ASP.NET MVC 3 intranet application (created using MVC 3 Intranet Application template), where users are authenticated automatically against AD, I'm trying to restrict access to a controller to users in the local Administrators group. In order to achieve this, I've tried to apply AuthorizeAttribute like so:
[Authorize(Roles = "Administrators")]
public class ElmahController : Controller
However, even though my AD user (the application reports the expected user has been authenticated) is in the local Administrators group, I cannot gain access to the controller when AuthorizeAttribute is applied. Only a blank page comes up. What am I doing wrong?
On the other hand, I've verified that specifying my particular user works:
[Authorize(Users = @"ad\arve")]
public class ElmahController : Controller
In this case, I can retrieve the restricted page successfully.
EDIT:
I found that qualifying the group with BUILTIN worked:
[Authorize(Roles = @"BUILTIN\Administrators")]
Is this the definitive way of referring to local groups via AuthorizeAttribute though?
Follow my tutorial, How to Create an Intranet Site Using ASP.NET MVC. You need to use the built-in AspNetWindowsTokenRoleProvider class, which uses Windows groups as roles.
[Authorize(Roles = @"BUILTIN\Administrators")]
Will only work if you are an admin on the IIS server. If you deploy your application to a production server for your company, you will need to be made a local admin on the production server.
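To see which role strings a Windows-authenticated user actually carries, the following added example (not code from the question or the answer) lists the groups on a token in the `DOMAIN\Name` form that worked above, and checks local Administrators membership by well-known SID rather than by name. The class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

public static class TokenRoles
{
    // Hypothetical helper: group names on a Windows token as DOMAIN\Name strings,
    // e.g. BUILTIN\Administrators for the local Administrators group.
    public static string[] GroupNames(WindowsIdentity identity)
    {
        return identity.Groups
            .Select(sid =>
            {
                try { return sid.Translate(typeof(NTAccount)).Value; }
                // SID with no resolvable account: keep the raw S-1-... form.
                catch (IdentityNotMappedException) { return sid.Value; }
            })
            .OrderBy(name => name, StringComparer.OrdinalIgnoreCase)
            .ToArray();
    }

    // Hypothetical helper: name-independent check against the well-known
    // local Administrators SID (S-1-5-32-544).
    public static bool IsLocalAdministrator(WindowsIdentity identity)
    {
        var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        return new WindowsPrincipal(identity).IsInRole(admins);
    }

    public static void Main()
    {
        // Console run uses the current process identity; inside a controller,
        // pass (WindowsIdentity)User.Identity instead.
        // Groups omits deny-only entries, so under UAC a non-elevated process
        // will not list BUILTIN\Administrators.
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("User: " + identity.Name);
            foreach (string name in GroupNames(identity))
                Console.WriteLine("  " + name);
            Console.WriteLine("Local administrator: " + IsLocalAdministrator(identity));
        }
    }
}
```

The groups listed are those of the machine the code runs on, so run it on the IIS server to see what the application will evaluate.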