2

My ASP.NET MVC site requires forms-based authentication for some resources (downloads, discussion forum, etc). This works great with the [Authorize] attribute.

However, I need my admin site (`~/Areas/Admin/*) to authenticate against active directory.

With regular ASP.NET or classic ASP, I would just go into the IIS config and change the directory security to deny anonymous users. However, I can't figure out a way to do that with an area.

I know putting the [authorize] attribute on the controllers in my admin area would require a login, but it'll use the same forms-based authorization as the public areas of the site. Right now that authenticates users against a database (not using the ASP.NET Membership system as it's overkill for my app). I need users to authenticate against the domain, but ONLY in the Admin area.

Ideas?

Improve this question

1 Answer 1

Reset to default
1

You will need to write your own custom Domain authorize attribute and add this to the admin controllers.

Have a look at the answer here: asp.net mvc Adding to the AUTHORIZE attribute

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for the link. Does anyone have something more specifically applicable to LDAP/Active Directory?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.