Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
615 views
in Technique[技术] by (71.8m points)

asp.net mvc 4 - Use Anonymous authentication in MVC4 on single controller when the whole application uses Windows Authenticaion

I have an MVC4 Web application which uses Windows Authentication, that is in web.config I have
<authentication mode="Windows" /> And that works fine and everything is ok.

However now I need a controller (an Web API controller in fact) that should be accessed anonymously from a third party component. The problem is that every time I want to invoke this method it requests user credentials.

I tried putting AllowAnonymous attribute to controller and methods but it was not successful.

[AllowAnonymous] public bool Get(string Called, string Calling, string CallID, int direction)

I checked on both IIS Express and IIS 8 with Anonymous authentication and Windows authentication enabled.

It seems that windows authentication precedes any other authentication and cannot be overridden.

Is there a way to accomplish this?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Add this to your Web.config. Here, my controller is named "WebhookController".

<location path="Webhook">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

See this KB article for more info.

Edit - As Erik mentioned below, in MVC applications you should not use web.config <authorization> tags for security. Instead, use [Authorize] attributes. Doing so will allow your [AllowAnonymous] attributes to work correctly. You can read more about this here.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...