How do I use windows authentication with roles with Hot Towel?

Question

I can spin up a standard asp.net mvc 4 intranet project and decorate the controller or methods with things like:

[System.Web.Mvc.Authorize(Roles = "MyApp Users")]

I have tested it and it will work perfectly (since my domain account is a member of the "MyApp Users" in Active Directory)

However my problem/question is how do I get the same type of behavior for a "Hot Towel" application? I try decorating my breeze controller, HotTowel Controller, or any method with the same attribute and I can never authenticate... what gives?

Your help is greatly appreciated.

Answer 1

Finally figured it out. I hope this is of use to others.

First you must set the WindowsProvider as your roleManager like so:

<roleManager defaultProvider="WindowsProvider"
   enabled="true"
   cacheRolesInCookie="false">
  <providers>
    <add
      name="WindowsProvider"
      type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>

Then you will be able to check the roles for the user [using Roles.IsUserInRole()], and more specifically to this question use the authorize attribute. The only thing is that you will have to include the domain in the authorize attribute, like so:

[System.Web.Mvc.Authorize(Roles = "YourDomain\\MyApp Users")]

And now everything works as you would expect.