+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / mvc page using authorize and specifying roles always fails authentication

mvc page using authorize and specifying roles always fails authentication

5 posts, 1 answered
  1. mark gamache
    mark gamache avatar
    34 posts
    Registered:
    23 Jun 2005
    25 Jan
    Link to this post

    This is similar to this old issue:

    http://www.sitefinity.com/developer-network/forums/bugs-issues-/sf-5-1---mvc-page-using-authorize-and-specifying-roles-always-fails-authentication

    I am having it with SF 8.1. I am using the default role provider. 

    this always fails:

     [Authorize(Roles = "Administrators")]

    This works if you are logged in:

     [Authorize]

    Obviously I would like to specify roles to secure a few of my MVC endpoints.

    thanks,

    mark

  2. Kaloyan
    Kaloyan avatar
    11 posts
    Registered:
    19 Sep 2016
    26 Jan
    Link to this post
    Hi Mark,

    Those kind of setting authentication attributes based on specific user roles is not currently supported by feather. I would suggest you to stick to the standard widget or page permissions infrastructure. Follow the link with a documentation of how this can be achieved. There is another solution - using the standard Sitefinity User roles API in case you want to guard only a specific route action. Let me know if you need any further assistance.

    Regards,
    Kaloyan
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
  3. mark gamache
    mark gamache avatar
    34 posts
    Registered:
    23 Jun 2005
    26 Jan in reply to Kaloyan
    Link to this post
    So I have some admin pages and api endpoints that are standard MVC, but the only way to secure them is to query the user though the sitefinity User Role API (matching the logged in user's roles with allowed roles)?
  4. Kaloyan
    Kaloyan avatar
    11 posts
    Registered:
    19 Sep 2016
    27 Jan
    Link to this post
    Hello Mark,

    The most simple solution for your case is to extend the default "Authorize" attribute to work with Sitefinity Role base API. The attached file is a sample "RolesAuthorize" implementation that will do the trick. You just need to set the attribute to the action you want:

    [RolesAuthorize(Roles = "Authors, Administrators")]
    public ActionResult Index()
    {
          return View("Default");
    }

    Let me know if you have any further questions.

    Regards,
    Kaloyan
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
    Answered
  5. mark gamache
    mark gamache avatar
    34 posts
    Registered:
    23 Jun 2005
    20 Feb in reply to Kaloyan
    Link to this post
    This does work thanks, but note without changing it will only work with "App" roles not the Backend roles defined by the app. It solves the issue I was having. 
5 posts, 1 answered