Menu
I have an MVC site, secured using [Authorize] attributes, but have an issue on a production website that uses Single Sign On accross a couple or sites on different servers. I want to rule Authentication out as the cause; is there a way to temporarily turn off the Authentication through web.config so that all or some Controller Actions that have the Authorize Attribute can be accessed without logging in?
EDIT:
I have tried adding the following to web.config:
<authentication mode="None" />
But this causes all actions decorated with Authorize Attribute to render blank pages. Actions without Authorize continue to work though
318
is there a way to temporarily turn off the Authentication through web.config so that all or some Controller Actions that have the Authorize Attribute can be accessed without logging in?
No, this is not possible with the default framework. I'm pretty sure the AuthorizeAttribute in MVC source code will attempt to check and see if the user is logged in. Without an authenticated user, access would be denied.
152
Use [AllowAnonymous] to allow specific actions in a controller be used by unauthorized users.
43
In your Web.config comment out the child:
<authentication mode="Windows" />
<authorization>
<!--<deny users="?" />-->
</authorization>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
