8

I am using MVC with forms authentication and i need authentication bypass for one of my controllers, is it possible to bypass authentication for Cotroller(s)/Action(s). I have been through ASP.NET MVC Forms authentication and unauthenticated controller actions , but i dont want to restrict any action for a user/role , i want to allow it anonymously.

Can anyone help in this regard.

Community
  • 1
  • 1
Furqan Hameedi
  • 4,372
  • 3
  • 27
  • 34

2 Answers2

7

The location tag solution posted on the page you linked to actually does work for MVC. The authorization controls around that kick in before the MVC framework has a chance to handle the request:

<configuration>
  <location path="~/MyAnonymousController">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>

Also note that you can put web.config files in sub-directories in your app. So for example, you can put your anonymous-access controller in it's own sub-directory and add a web.config in that directory with a location tag to allow anonymous access to everything in that directory: Web.config: Wildcards in location and authorization

Community
  • 1
  • 1
Shashi Penumarthy
  • 803
  • 8
  • 18
1

Go through the following blog, it worked for me:

http://blog.tomasjansson.com/securing-your-asp-net-mvc-3-application

Fedor
  • 1,548
  • 3
  • 28
  • 38
Satpal Singh
  • 21
  • 1
  • 1
    thanks, but if you go through the question, its almost 2 years old now,and the solution you posted is one year old and in a different MVC version,anywayz thanks for help. – Furqan Hameedi Aug 06 '12 at 07:41
  • 1
    Also, don't post link-only answers. – Joe Jul 24 '13 at 11:38
  • The link Satpal posted is exactly the solution I was looking for just now, so I'm ok with a link-only answer in this case. – Mass Dot Net Oct 28 '13 at 03:16