MVC 3 ASP.NET Roles-Authorize Attribute - asp.net-mvc-3

I am getting user roles from Active Directory and I am binding the same roles to ASP.NET Membership Roles.
I want to control the display for the various Views in Controller by using
[Authorize(Roles = "Admin")]
But whichever role I specify, the View just doesn't display. If I take out the [Authorize(Roles = "Admin")] it works.
Does Authorize use ASP.NET Membership roles? If so, why am I getting this error?
Am I missing anything? Any ideas?
Thank you

IIRC if you use AD roles it works with groups and you need to specify the domain:
[Authorize(Roles = @"MYDOMAIN\SomeDomainGroup")]
Now if the user accessing the site belongs to the given AD group he will be granted access.
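
To see which role strings a Windows-authenticated user actually matches, the added example below (not part of the original answers; the class and method names are hypothetical) lists the account's groups in DOMAIN\Group form and applies the comma-separated, any-match rule of the Roles property to a bare name and a domain-qualified name. It assumes Windows and is run as a console program; in a controller, pass (WindowsIdentity)User.Identity instead.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Added diagnostic (hypothetical names): shows the role strings that
// IsInRole accepts for a Windows-authenticated user.
public static class RoleDiagnostics
{
    // Translate each group SID on the token to its DOMAIN\Group name.
    public static List<string> GroupNames(WindowsIdentity identity)
    {
        var names = new List<string>();
        if (identity.Groups == null) return names;
        foreach (IdentityReference sid in identity.Groups)
        {
            try { names.Add(sid.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { names.Add(sid.Value); } // no resolvable name: keep the raw SID
        }
        names.Sort(StringComparer.OrdinalIgnoreCase);
        return names;
    }

    // Same rule as the Roles property: comma-separated list, any single match is enough.
    public static bool WouldAuthorize(IPrincipal user, string roles)
    {
        var wanted = roles.Split(',').Select(r => r.Trim())
                          .Where(r => r.Length > 0).ToArray();
        return user.Identity.IsAuthenticated
            && (wanted.Length == 0 || wanted.Any(user.IsInRole));
    }

    public static void Main()
    {
        // Console run: inspects the account running this process.
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(identity);
            foreach (string name in GroupNames(identity))
                Console.WriteLine(name);
            // Constructed role strings: bare name vs. domain-qualified group name.
            Console.WriteLine(WouldAuthorize(principal, "Admin"));
            Console.WriteLine(WouldAuthorize(principal, @"MYDOMAIN\SomeDomainGroup"));
        }
    }
}
```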

Assuming you are using the VS built in server and you are getting a blank page - the built in development server will display a blank page instead of prompting for credentials.
Buried way down in a note on this page
Note:
If you are using the Visual Studio Development server, you are not prompted for credentials and you see only a blank page.

Related

Trying to obtain the Windows Identity of the Logged on User in AccountController

using framework asp.net core - on .net core MVC jquery
In the account controller, I am attempting to obtain the user currently logged in to that machine on an intranet network, i.e. the Windows authenticated user.
If I try WindowsIdentity.GetCurrent() it just returns the identity of the application pool, not what I need.
I have anonymous turned off and windows auth turned on in both the launchsettings.json and the IIS settings.
I understand that the identity middleware for abp framework I'm using is table based so the Controllers 'User' property is not what I need either.
I am wondering whether this is a limitation of the .net core?
You need to disable Anonymous Authentication and enable Windows Authentication for a specific page like the Login page. This way, you say the Login page requires NTLM. So the browser sends authenticated user information. And you can retrieve it with HttpContext.User.Identity.Name
Then there's the next challenge! Authenticating this user with ABP. For this one, you can check out this StackOverflow post.

Where to put logic for auto-login and creating members

I'm new to Umbraco development, but I'm plenty familiar with ASP.Net & MVC etc. So I'm getting to grips with the object model and terminology used, but I'm not sure where to start. I need to use windows authentication on my Umbraco site, which will be for internal use only.
What I envision:
- When a domain user hits any area of the website, grab the user identity
- Lookup to see if matching user(or member) exists and if not create it
- Login this user to Umbraco
- By default all new visitors, if their user identity doesn't match a current member, then create that member and log them in.
Sounds like I need to create my own controller that overrides the base controller (RenderMvcController ?) and check the user identity on each and every request? Maybe do this by overriding the Index action method? Or could I do this with a macro - or as I've seen mentioned, are macros losing favor with the new version of Umbraco?
Also, I'm not sure how to deal with members vs users? As I understand it, members are who have access to the front part of the website, whereas users are those that have access to the back office area and can create/manage content.
Are all users also members?
There will be some that I want to give access to create/manage content, so when I'm auto-creating users, it's actually members that I need to create, not users?
[ update ]
Actually, I think I will need to create my own membership provider if I want every request routed through the check for a valid domain user? In my research, I keep coming across this example http://thegrayzone.co.uk/blog/2012/07/combined-authentication-with-umbraco/
I have overridden the default RenderMvcController in numerous projects with success, you could of course use the built in Umbraco auth to redirect to an authentication page for users that do not have a valid Umbraco Auth token and set it only on that page based on their windows identity.
RE: Are users also members?
No. Users & Members are entirely independent of one another; users being back office users & members being front end users. You will need to create 2 accounts.

MvC5 Authorization / Roles with Windows Authentication

Building an MVC5 intranet application that is using Windows Authentication.
I want to use the built-in roleManager to add roles to existing users. If I attempt to create a user, say AD\Username and add him to the Admin user role, I can do this just fine and Asp .Net Identity builds out and stores that information in the database.
However, using [Authorize(Roles = "Admin")] on any particular controller action will not give me access to that page. It's as if there is no link between AD\Username and my AD user.
Is this built in to work with Asp .Net Identity? Or do I need to do some heavy customization? This seems fairly straightforward.
Thanks for the help!

Windows Authentication using MVC5, display Username at the top of every View

I am developing an MVC5 application for the DOE. We use windows authentication to login to our computers. I need help getting the user's name when logged in to be displayed as "Welcome, Username" (across all pages) when they navigate to the site. My problem is that when I navigate to the page it displays our ID which is what we use to login, i.e. i5456 and password. It would be much appreciated if someone would assist me and walk me through how to set this up.
I have already disabled Forms auth and enabled windows auth in VS 2013. I have tried using @User.Identity.Name in my SiteLayout, but like I said the ID is the only thing displayed. I'm not sure how to set up my model or view, or if I even have to. Is there a way to retrieve the Username so it can be displayed instead of the ID?
Try this @User.Identity.GetUserName() in your view
works for me

Change AD Username breaks ASP.MVC 3 web site

I have an ASP.NET MVC 3 web site that uses Windows Authentication running under IIS7.5. This web site also checks manually for groups in AD using the GetRolesForUser method of a custom RoleProvider. This isn't anything special, and has been working fine for a few months now.
However, we now have a user that had their Active Directory user name changed. They still have the same actual AD account, but to them their login name is now different.
Unfortunately this has broken the web site for this user. I'm using Elmah to log errors, and I have noticed that REMOTE_USER is using the old account name, and LOGON_USER is using the new account name. It looks like the username parameter of the GetRolesForUser method is getting the old account name - so I assume it is using REMOTE_USER.
Should I be targeting the web server or the web site for a fix? I've read that LOGON_USER and REMOTE_USER are only different if there is an authentication filter installed. I'm not aware of anything like this on the web server (although I'm not sure exactly where to look), but does MVC3 add this somehow?
Typical, after I posted, my Google-Fu kicked in.
Seems like this is a known issue (by design) with the local sid cache:
http://support.microsoft.com/kb/946358
Resolution is to follow the registry change in the article (and undo it again?), or reboot the web server. I have read that an IISRESET might fix this too.
