4

I have an MVC 4 application which is open to all users, no login needed. There is one controller only which I need to apply Windows Authentication to via a Web.Config, like this:

<authentication mode="Windows" />
<authorization>
  <allow users="domain\jsmith" />
  <deny users="*" />
</authorization>

The controller would be MySite.Com/MyApp/MyAdminReportController

If this is possible, how?

1

1 Answer

5

I think you just need Windows auth and to specify only the paths which need authorization. If you don't need Forms auth as well, it looks like this:

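<configuration>
  <!-- ... -->
  <system.web>
    <!-- ... -->
    <authentication mode="Windows">
    </authentication>
  </system.web>
  <!-- Applies only to requests whose URL path starts with MyAdminReport -->
  <location path="MyAdminReport">
    <system.web>
      <authorization>
        <!-- "?" means anonymous users: any authenticated Windows user is allowed -->
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>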

This is the web.config approach; the other option is adding the [Authorize] attribute to your controllers (not even the whole controller; you can add this attribute to only specific actions too).

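using System.Web.Mvc;

// Controller-level: every action requires an authenticated user
[Authorize]
public class MyAdminReportController : Controller
{
   // Alternatively, drop the class-level attribute and mark only specific actions
   //[Authorize]
   public ActionResult PrivatePage()
   {
      return View();
   }
}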

2 Comments

A path is required for location path, not the controller name. So it should read path="MyAdminReport". If multiple routes/paths lead to the controller, all of them need to be listed.
Yeah, you're right, the "Controller" suffix should be removed. Thanks for the heads up.
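
Added example, not part of the original answer or comments: the attribute approach narrowed to the single account from the question, which also avoids the route-listing caveat raised in the comment because the filter is attached to the controller class rather than to a URL path. It assumes Windows authentication is enabled as in the web.config above; `WindowsUserAuthorizeAttribute` is a hypothetical helper name.

```csharp
using System.Web.Mvc;

// Hypothetical helper (name is an assumption): behaves like [Authorize], but
// answers 403 instead of 401 when the caller is already authenticated, so a
// signed-in Windows user who is not on the allow list is not re-challenged.
public class WindowsUserAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated)
        {
            filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
        }
        else
        {
            // Anonymous caller: the default 401 lets IIS start the Windows auth handshake.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// The filter is bound to the controller class, so it applies on every route
// that reaches it, unlike <location path="...">, which matches URL paths.
[WindowsUserAuthorize(Users = @"domain\jsmith")]
public class MyAdminReportController : Controller
{
    public ActionResult PrivatePage()
    {
        // User.Identity.Name is the authenticated Windows account (DOMAIN\user).
        ViewBag.Caller = User.Identity.Name;
        return View();
    }
}
```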
