I don't have a proper solution for this. Just a work around that may help before someone posts the proper solution.
I use, [Authorize] attribute for the actions but whenever I am in a partial view, I do a manual 'OnAuthorization'.
public class Authorize : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
....
}
public static void ManualOnAuthorization(HttpContext context)
{
if (context.User.Identity.IsAuthenticated && context.User.Identity.AuthenticationType == "Forms")
{
FormsIdentity fIdent = (FormsIdentity)context.User.Identity;
var user = new CustomUser(fIdent.Ticket.UserData);
var ci = new CustomIdentity(user);
var p = new CustomPrincipal(ci);
HttpContext.Current.User = p;
Thread.CurrentPrincipal = p;
}
}
}
I have put it in Authorize class and use it as following in a partial view.
@if(User.Identity.IsAuthenticated)
{
Authorize.ManualOnAuthorization(HttpContext.Current);
if (User.IsInRole("Admin"))
{
}
}