ASP.NET MVC Authorise attribute not working, followed guidance from other questions but still get straight in

I've got an ASP.NET MVC application that I want to secure. I've added the [Authorize] attribute to the controllers, I've also added

filters.Add(new System.Web.Mvc.AuthorizeAttribute());

to the RegisterGlobalFilters method and finally, confirmed

FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);

is in the global.asax.cs, Application_start method.

I can still hit my controller and return the views fine without logging in. Actually, I have never logged in, so I'm sure nothing is cached anywhere.

Any ideas or pointers to what I'm missing here?

Thanks in advance

J



Solution 1:[1]

Are your users coming from Azure AD?

You have to set an access policy in Startup.cs

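services.AddAuthorization(options =>
{
    // Require the default policy on endpoints that carry no [Authorize] attribute
    options.FallbackPolicy = options.DefaultPolicy;
    // Named policy that a controller can reference
    options.AddPolicy("<enter policy name>", policy =>
        policy.RequireRole("<role from AD>"));
});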

You can add multiple roles to a single policy like ("Role 1","Role 2","etc")

And then in your controller you have to specify which policy should have access

[Authorize(Policy = "<policy name from Startup.cs>")]
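
The steps in this answer put together for ASP.NET Core 3.0 or later, as an added example that is not part of the original answer. The cookie scheme (standing in for the Azure AD handler), the policy name `ReportsAccess`, and both controllers are assumptions made for illustration; the usual `Program.cs` host that calls `UseStartup<Startup>()` is assumed and not shown.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Assumption: cookie sign-in stands in for the Azure AD handler.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(o => o.LoginPath = "/Account/Login");

        services.AddAuthorization(options =>
        {
            // Endpoints with no [Authorize] attribute still require a signed-in user.
            options.FallbackPolicy = options.DefaultPolicy;
            // Hypothetical policy name; a user in either role satisfies it.
            options.AddPolicy("ReportsAccess", policy =>
                policy.RequireRole("Role 1", "Role 2"));
        });
        services.AddControllersWithViews();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // populates HttpContext.User
        app.UseAuthorization();    // evaluates policies; sits between routing and endpoints
        app.UseEndpoints(e => e.MapDefaultControllerRoute());
    }
}

[Authorize(Policy = "ReportsAccess")]
public class ReportsController : Controller
{
    public IActionResult Index() => Content("reports");
}

[AllowAnonymous] // without this the fallback policy also covers the login page and redirects loop
public class AccountController : Controller
{
    public IActionResult Login() => Content("login form goes here");
}
```

An unauthenticated request to `/Reports` is redirected to `/Account/Login`; a signed-in user holding neither role is forbidden rather than shown the view.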

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 msearing