I am working on porting of Asp.Net WebForm to MVC4 application.
** The website and users who will access websites are in same domain.
In old website users were restricted by creating a separate folder with web.config allowing only users with Admin role as -
<allow users="?" />
<allow roles="Administrators" />
So to implement same in MVC on Admin controller, I marked controller as -
[Authorize(Roles = @"Administrators")]
public class AdminController : Controller
After publishing on server, when I try to access respective controller, the browser show prompt asking for username and password.
* I know of that it is browser normal behaviour to show that. But if it is true, then why it is not showing same prompt for earlier website?
I am looking for some sort of solution that allow me to following -
Get window's logged-in username that is making request.
Check role of that user matching with roles defined by me (for e.g. in web.config).
Authorize or allow user to access controller basis on result of step 2.
* I'm aware that I can get logged username by HttpContext.Current.User.Identity.Name
. But it is returning me null if I am not using Window Authentication. And if I am using WA, then it will work. But again a prompt window comes.
belive that I'm not only the one who is facing this problem or had faced same for MVC. There might be other experts who fixed this for their websites. So looking for practical solution or hints.
IN SHORT -
I want to allow access to specific controller for specific users with Admin role using their logged in credentials (without asking them for their credentials with prompt again)