Sunday, March 29, 2015

ASP.NET MVC Forms Authentication with Active Directory

If you want to implement Forms Authentication with Active Directory using ASP.NET MVC, this is an excellent article on how to accomplish this: http://www.schiffhauer.com/mvc-5-and-active-directory-authentication/

Unfortunately, it is missing a key point that is addressed by this MSDN article: https://msdn.microsoft.com/en-us/library/ff650308.aspx

In order to be forced to the User Login View, you have to also include the following section in the Web.config file:

<authorization> 
    <deny users="?" />
    <allow users="*" />
</authorization>

If you forget to include this section in your Web.config, you will not be automatically redirected to your Login screen. 

 

Even if you include this code in your FilterConfig.cs file, the Login redirection will still not occur:

 


public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new HandleErrorAttribute());
    filters.Add(new AuthorizeAttribute());
}

Therefore, make sure you do not forget the authorization section in your Web.config file!!



No comments:

Post a Comment