MVC 2 Area Authentication Not Working | ansaurus

tags:

views:

171

answers:

1

Q:

MVC 2 Area Authentication Not Working

Using MVC 2, if I setup my root web.config with forms authentication (there is no locations section), and I go to a page outside an area (off of the root), I get redirected to the login page as one would expect. However, if I go to a page in an area, I don't get redirected as expected. Do I need an additional web.config somewhere in the area or do I possibly have something mis-configured?

Also, I have been sure to clear all cookies and start from a new session and browser just in case something was holding over from a previous login.

I really did not want to have to maintain locations or multiple web.config files since the whole site needs authentication.

If it helps, I am using Visual Studio 2010 and started with a MVC 2 template.

Warning: I have only had 2 cups of coffee this morning so it could be a short circuit between the chair and the keyboard...

Thanks,

--Patrick

+2 A:

Web.config authorization should not be used with an MVC application. Instead, apply the [Authorize] attribute to the controllers you wish to protect. If all of your controllers site-wide need authorization, consider having a BaseController with an [Authorize] attribute and having all of your controllers site-wide subclass the BaseController.

Levi 2010-05-06 19:53:43

In retrospect, I knew that, but for the life of me it took reading the answer to remember it. Thanks a bunch for giving me a virtual smack on the back of the head...

Laques 2010-05-07 01:19:11

related questions

ASP.NET Membership: Login Controls Source Code

ASP.NET Login to a Website with Forms Authentication vs None

Avoid losing PostBack user input after Auth Session has timed out in ASP.NET

ASP.NET Login Page Styles

What is the purpose/meaning of the Version property on a FormsAuthenticationTicket?

.NET forms authentication cookie not accessible in another application

How to change FormsCookieName at runtime in ASP.NET

How to get current user in Asp.Net MVC

Can't set FormsAuthenicationTicket.UserData in cookieless mode.

How do you implement a "Logout" link using ASP.NET MVC?

Examples of asp.net mvc and authentication

Login.aspx always wants to be my home page!

In ASP.Net, can we create an application with its own Web.Config and Forms Authentication section inside another application using Forms Authentication?

How secure is basic forms authentication in asp.net?

Inheriting a base class

FormsAuthentication selective to url

What is the best workaround for the ASP.NET forms authentication timeout problem when using wildcard mapping?

Context.User losing Roles after being assigned in Global.asax.Application_AuthenticateRequest

How do I logout of multiple asp.net applications?

[ASP.NET] Conditional Redirect on Login

Bypass Forms Authentication auto redirect to login, How to?

How do I filter nodes of TreeView and Menu controls with sitemap data sources based on user permissions?

How do I best handle role based permissions using Forms Authentication on my ASP.NET web application?

How do I keep my Login.aspx page's ReturnUrl parameter from overriding my ASP.NET Login control's DestinationPageUrl property?

How do I use ASP.NET Login Controls when my Login.aspx is not at the root of my application?