I have an ASP.NET MVC app which is completely behind Forms Authentication. However, there is one set of routes (/report/%) I need to force Integrated Windows Authentication on, as those pages need to impersonate the current user (for security reasons).

If I set the whole site to Integrated Windows Authentication this all works, except that Firefox prompts users for the username/password twice as they hit the site's home page (once for Windows authentication, then again for the Forms authentication) whereas IE only prompts for Forms authentication. This is fine and I know this is the default behavior of Firefox; however, so as not to annoy users I've been asked to restrict the Windows authentication requirement to only the /report/* section of the site, so they only get prompted if they go to any page within /report/%.

In ASP.NET WebForms this is easy enough as there is a physical /report folder to place the authentication config on, but in MVC this URL is virtual, so I can't do this. Does anyone know a good way to do this? I've tried to create a "gateway" aspx page that users need to go through first before redirecting to the appropriate report page, and although Firefox does prompt the user for their Windows credentials at the right point, it doesn't seem to keep sending those details for subsequent requests to any of the /report/% pages. Any ideas? Would be super grateful!

A: 

You can't manage mixed mode authentication through the web.config. There's a decent (long) article here that describes one way of getting around that limitation.

mannish
+1  A: 

Maybe you're looking for this?

Francisco
+3  A: 

Just recently I had to do something similar. I had a requirement of Forms Authentication for most of my ASP.NET MVC app, with one part that needed Windows Authentication.

What I ended up doing was to split my web app into two projects.

The first project was hosted in the root of the web site under IIS. This was running Forms Authentication.

The second project was hosted as a virtual directory of the same web site. This was running Windows Authentication.

The only tradeoff is that you may end up with a URL of /reports/reports/% (or whatever you name the virtual directory).

eyesnz
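The two-application split described in the answer above, sketched as the pair of web.config files it implies. This is an added example, not code from the original thread or from eyesnz's project; the `/reports` application name, the `loginUrl` value and the timeout are assumptions.

```xml
<!-- File 1: web.config of the ROOT application (Forms Authentication).
     loginUrl and timeout are assumed values, not from the thread. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="30" />
    </authentication>
    <authorization>
      <!-- Reject anonymous users; they are redirected to loginUrl. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

<!-- File 2: web.config of the CHILD application, assumed to be mounted
     at /reports. The <authentication> element is only honoured at
     application level, so /reports must be configured in IIS as an
     application, not as a plain folder or an MVC route. In IIS, enable
     Windows Authentication and disable Anonymous Authentication for
     this application only. -->
<configuration>
  <system.web>
    <!-- Overrides the Forms mode inherited from the root. -->
    <authentication mode="Windows" />
    <!-- Run report requests under the caller's Windows identity. -->
    <identity impersonate="true" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <system.webServer>
    <!-- In the IIS 7+ integrated pipeline, impersonate="true" causes
         HTTP 500.24 unless this validation is switched off (or the
         application pool runs in classic mode). -->
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>
</configuration>
```

The child application inherits the root's other web.config settings, so check that modules, handlers or connection strings declared at the root still resolve under `/reports`. The Forms ticket from the root does not authenticate requests to the child, which is the intended isolation here.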