Geek Answers Handbook

Disable authentication in MVC using web.config

I have an MVC site protected using the [Authorize] attributes, but you have a problem on a website that uses Single Sign On on a couple or sites on different servers. I want the Authentication rule to be the reason; is there a way to temporarily disable authentication through web.config so that you can access any or some controller actions that have an authorization attribute without logging in?

EDIT:

I tried adding the following to web.config:

<authentication mode="None" />

But this leads to the fact that all actions decorated with an authorization attribute display blank pages. Actions without authorization continue to work, although

+7
source share
4 answers

Is there a way to temporarily disable authentication through web.config so that all or some of the controller actions that have access to the authorized attribute is possible without logging in?

No, this is not possible with the default database. I am sure that AuthorizeAttribute in the MVC source code will try to check and verify if the user is logged in. Without an authenticated user, access will be denied.

+8
source

Use [AllowAnonymous] to allow unauthorized users to use certain actions in the controller.

+6
source

In your Web.config, comment out the child:

 <authentication mode="Windows" /> <authorization> <!--<deny users="?" />--> </authorization>
0
source

You can allow all users access to the system by adding the following to web.config. When the controller checks the authorization, the user will be verified, as you allow all users with any Windows authentication to access the system.

 <authentication mode="Windows" /> <authorization> <allow users="*"/> <!--<deny users="?" />--> </authorization>
0
source

More articles:


All Articles