Is there a good approach to combine Windows authentication and Forms authentication in ASP.NET MVC?

Question

I have a scenario where some users are going to be required to log into an application (forms authentication), while others will be authenticated via Windows authentication. To determine if a user is required to login, I'll be looking up permissions for the Window AD users using a custom role/permission implementation.

In ASP.NET MVC, you can set the authentication configuration to either "Windows" or "Forms authentication". I know this could be done by creating two applications but I don't like that option

I'm about to try to convince my boss that forcing everyone to login will make our lives a lot simpler but I thought I better check to see if there any good options out there. I couldn't find one possible solution for ASP.NET MVC. I'm using version 2.

Any ideas?

Answer 1

You need remember that ASP.NET MVC is built right on top to the ASP.NET runtime, so you can still access the underlying features, and the web.config still works the same as it does for WebForms.

I found this blog post "IIS 7.0 Two-Level Authentication with Forms Authentication and Windows Authentication" by Mike Volodarsky, where he discusses how you can achieve this by creating a custom FormsAuthentication wrapper HttpModule.

I haven't tried it, but I see no reason why this wouldn't work with an ASP.NET MVC application.