7

Disclaimer: this is my first time with ASP.NET MVC 5

I have no idea why it doesn't work. I can't get my MVC5 app to authorize users. I have done this in previous versions (2, 3 and 4) but I can't seem to make it work in OWIN.

I'm using local IIS with the needed features enabled:

IIS Features

EDIT:

I'm using SSL on IIS and RequireHttps at C#

This is the code:

protected void Application_Start()
{
    GlobalFilters.Filters.Add(new AuthorizeAttribute());
}

Startup.Auth.cs

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/admin/account/login")
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseGoogleAuthentication();

Even though I'm using Global Authorize I tried to "force" it to see if this was the problem:

public class HomeController : Controller
{
    [Authorize]
    public ActionResult Index()
    {
        return View();
    }
}

No luck... I'm not sure it was necessary with OWIN, but I even tried enabling forms authentication:

<authentication mode="Forms" />

EDIT [2]

Well, I found out the problem... IIS! Finally! Now, would anyone know how to fix that? Do I need anything special to run OWIN on IIS? I can work now, but soon I'll have to deploy the app and will probably run into the same problem in the server...

I've already read these:

How do you login/authenticate a user with Asp.Net MVC5 RTM bits using AspNet.Identity?

Authorize attribute not working MVC 5

Any ideas?

Community
  • 1
  • 1
eestein
  • 4,914
  • 8
  • 54
  • 93
  • Do you get any error or more precisely what is the output you get? – Stephen Reindl Feb 02 '15 at 21:14
  • @StephenReindl no error, I'm able to access the page I shouldn't (Authorize attribute). I just see the page at home/index – eestein Feb 02 '15 at 21:16
  • hmmm... interesting... Why did you add the AuthorizeAttribute during application_start? My startup code is executing the following in a row FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); RouteConfig.RegisterRoutes(RouteTable.Routes); BundleConfig.RegisterBundles(BundleTable.Bundles); The rest is done within Startup.cs... – Stephen Reindl Feb 02 '15 at 21:25
  • @StephenReindl because I want my whole app in lockdown mode. Only few actions will have anonymous access. – eestein Feb 02 '15 at 21:26
  • I see. Can you check if your startup code is executed (add log/breakpoint)? I've seen this behavior in case the startup code has not been executed... – Stephen Reindl Feb 02 '15 at 21:32
  • @StephenReindl Ok, Startup.Configuration() is never hit. What do I need to do in order to call that method? – eestein Feb 02 '15 at 21:33
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/70068/discussion-between-stephen-reindl-and-eestein). – Stephen Reindl Feb 02 '15 at 21:34
  • Fire Fiddler and check, you might be authenticating but the browser does that for you, you will see first a error 4xx and then a 200. – Pedro.The.Kid Feb 05 '15 at 13:55
  • @Pedro.The.Kid I'm not sure I follow... anyway, the browser can't be authenticating for myself since I've never logged to this site. And even if I go incognito, it still allows free passage =/ – eestein Feb 05 '15 at 14:46
  • I am unable to reproduce this issue with a new project from the MVC 5.2 templates in VS2013 / IIS 8 and a plain IIS virtual directory config. I suspect there may be an issue with the IIS config or something. Could you see if you are able to reproduce the issue starting with a new project and IIS vistual directory using the MVC 5.2 templates? – Svein Fidjestøl Feb 11 '15 at 17:48
  • @SveinFidjestøl Yes, I narrowed it down to IIS, but I don't know what there is wrong... I didn't change configuration besides adding SSL (as stated in my question). – eestein Feb 12 '15 at 00:37

2 Answers2

2

Since your app run with IIS, try add Microsoft.Owin.Host.SystemWeb nuget package to your application.

zhimin
  • 2,740
  • 12
  • 22
  • Thank you, but that's not it. I've read about it some time ago and even though I have that package installed I updated it at no avail. – eestein Feb 09 '15 at 23:16
2

Try this article, it was helpful for me OWIN setup. I'm not sure if you used claims as you didn't show it in your question, that is critical to create authentication ticket to authenticate

Also, as you are using SSL, pay attention to CookieSecure property if still does not work CookieSecureOption

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/admin/account/login")
    CookieSecure = CookieSecureOption.Never
});

I hope it will help

Paul
  • 266
  • 1
  • 4
  • 13