9

I have an MVC site, secured using [Authorize] attributes, but have an issue on a production website that uses Single Sign On accross a couple or sites on different servers. I want to rule Authentication out as the cause; is there a way to temporarily turn off the Authentication through web.config so that all or some Controller Actions that have the Authorize Attribute can be accessed without logging in?

EDIT:

I have tried adding the following to web.config:

<authentication mode="None" />

But this causes all actions decorated with Authorize Attribute to render blank pages. Actions without Authorize continue to work though

Improve this question
1
  • 1
    I love it. I just searched for: asp.net authentication none blank page, and found this question. My problem was that I had authorization set to none but accidentally had leftover Authorize statements in one of my controllers. Your question was my answer. Thanks! Commented Apr 10, 2013 at 23:59

4 Answers 4

Reset to default
9

is there a way to temporarily turn off the Authentication through web.config so that all or some Controller Actions that have the Authorize Attribute can be accessed without logging in?

No, this is not possible with the default framework. I'm pretty sure the AuthorizeAttribute in MVC source code will attempt to check and see if the user is logged in. Without an authenticated user, access would be denied.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

9

Use [AllowAnonymous] to allow specific actions in a controller be used by unauthorized users.

Improve this answer

Comments

1

In your Web.config comment out the child:

<authentication mode="Windows" />
<authorization>
  <!--<deny users="?" />-->
</authorization>
Improve this answer

Comments

0

You can allow all users access to the system by adding the following in the web.config. When the controller checks the authorization the user will be verified since you are letting all users with any windows authentication access the system.

<authentication mode="Windows" />
    <authorization>
      <allow users="*"/>
  <!--<deny users="?" />-->
    </authorization>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.