MvcSiteMapProvider causing authorization issues with MVC4 website
https://stackoverflow.com/questions/13075463
-
14-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm trying to implement MvcSiteMapProvider with my new MVC4 website, but I've run into something that I can't seem to fix.
I setup authorization with Active Directory (no role provider currently), and everything was working as it should. When you try to get to any page other than the login page, you're redirected to the login page. The Account controller's action methods have the [allowAnonymous] attribute to allow unauthenticated users to access them so that they can login.
For some unknown reason, adding MvcSiteMapProvider to the project stops this from working and now unauthenticated users can get to any page. The Menu that MvcSiteMapProvider creates works correctly and only authenticated users can see it, but if the unauthenticated user types in a direct link they aren't redirected to the login page as they used to be.
I've removed MvcSiteMapProvider from the project and authentication started to work correctly again. I believe this has something to do with MvcSiteMapProvider overridding the authorizeAttribute filter in some way, but I can't figure out where/how.
I can put [Authorize] on top of the controller and the redirect works with MvcSiteMapProvider, but that's against the whole reason for using MVC4.
//this is supposed to set authorize for the entire app
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new System.Web.Mvc.AuthorizeAttribute());
}
I have a feeling this issue is coming from MvcSiteMapProvider/External/AuthorizeAttributeBuilder.cs, but I'm not experienced enough to figure this out.
UPDATE: Turns out that I had just setup my global filters incorrectly. For some reason that RegisterGlobalFilters method was in my global.asax file, so my FilterConfig.cs file didn't have the line:
filters.Add(new System.Web.Mvc.AuthorizeAttribute());
I removed the method from my global.asax file then updated the FilterConfig.cs file with the above filter and everything is now working as expected. Not sure how I got into this situation, but I'm glad I figured it out.
Someone on the mvcSiteMapProvider GitHub project had mentioned that he had MVC4 and mvcSiteMapProvider working seamlessly, so I created a new MVC4 app and added the mvcSiteMapProvider before making any changes and then added the authorize global filter. Everything worked as expected, so I compared projects and found where I had gone wrong. Hopefully this info helps someone, but I doubt it as it's a pretty unique case.
Solution
Turns out that I had just setup my global filters incorrectly. For some reason that RegisterGlobalFilters method was in my global.asax file, so my FilterConfig.cs file didn't have the line:
filters.Add(new System.Web.Mvc.AuthorizeAttribute()); I removed the method from my global.asax file then updated the FilterConfig.cs file with the above filter and everything is now working as expected. Not sure how I got into this situation, but I'm glad I figured it out.
Someone on the mvcSiteMapProvider GitHub project had mentioned that he had MVC4 and mvcSiteMapProvider working seamlessly, so I created a new MVC4 app and added the mvcSiteMapProvider before making any changes and then added the authorize global filter. Everything worked as expected, so I compared projects and found where I had gone wrong. Hopefully this info helps someone, but I doubt it as it's a pretty unique case.
