MVC4 Window authentication without prompt

Hello Experts,

I am working on porting of Asp.Net WebForm to MVC4 application.

** The website and users who will access websites are in same domain.

In old website users were restricted by creating a separate folder with web.config allowing only users with Admin role as -

<authorization>
      <allow users="?" />
      <allow roles="Administrators" />      
    </authorization>

Open in new window


So to implement same in MVC on Admin controller, I marked controller as -

[Authorize(Users="?")]
[Authorize(Roles = @"Administrators")]
public class AdminController : Controller
{
}

Open in new window


Questions :


Q.1. After publishing on server, when I try to access respective controller, the browser show prompt asking for username and password.

* I know of that it is browser normal behaviour to show that. But if it is true, then why it is not showing same prompt for earlier website?

Q.2. I am looking for some sort of solution that allow me to following -

(i) Get window's logged-in username that is making request.
(ii) Check role of that user matching with roles defined by me (for e.g. in web.config).
(iii) Authorize or allow user to access controller basis on result of step 2.

* I'm aware that I can get logged username by HttpContext.Current.User.Identity.Name. But it is returning me null if I am not using Window Authentication. And if I am using WA, then it will work. But again a prompt window comes.

I belive that I'm not only the one who is facing this problem or had faced same for MVC. There might be other experts who fixed this for their websites. So looking for practical solution or hints.

IN SHORT -
I want to allow access to specific controller for specific users with Admin role using their logged in credentials (without asking them for their credentials with prompt again).
LVL 16
Vikram Singh SainiSoftware Engineer cum AD DeveloperAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bob LearnedCommented:
There are some ideas here to investigate:

Authenticating Users with Windows Authentication (C#)
http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-windows-authentication-cs

If, on the other hand, you are using IIS with Anonymous authentication disabled and Basic authentication enabled, then you keep getting a login dialog prompt each time you request the protected page (see Figure 4).
0
David Johnson, CD, MVPOwnerCommented:
in the website are you set for windows authentication or forms authentication? you also have to setup asp website authentication
0
Vikram Singh SainiSoftware Engineer cum AD DeveloperAuthor Commented:
First of all thanks to both of experts for answering to neglected question.

@TheLearnedOne

Yes! You are right and the excerpt from link speaks truth.

@David Johnson

Yes! I had set for Windows authentication both by IIS and in web.config too.

To both experts

Is there any way that I can get logged in user name from request without using Window authentication?
0
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

Bob LearnedCommented:
If you have Windows Authentication working correctly, then the identity shouldn't be null.  I believe that the problem is that the identity is null, so it is asking you to log in.
0
Vikram Singh SainiSoftware Engineer cum AD DeveloperAuthor Commented:
As I asked,

I want to allow access to specific controller for specific users with Admin role using their logged in credentials (without asking them for their credentials with prompt again).

So I was able to formulate solution for same by myself. Here is the link Window Authentication not working

Hope this will help someone with same issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Vikram Singh SainiSoftware Engineer cum AD DeveloperAuthor Commented:
I was able to fix the concerned problem by that solution.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.