I am creating an Intranet site using Windows Authentication.
Maybe I'm not going to do it in the best way, but I'm trying to load partial views by calling a controller method that has an authorization action filter wrapped around it so that only authorized people can see this part of the page. Say, for example, I wanted to upload admin tools to a page, but only if the registered user is an administrator.
So, on the index.cshtml page, there might be something like:
    @Html.Action("LoadAdminTools", "ControllerName")
The controller will contain the code:
    [Authorize(Roles = "Admins")]
    public ActionResult LoadAdminTools()
    {
        return PartialView("_AdminToolsPartialView");
    }
And then a partial view containing admin controls (or something else) will be displayed on the page - only if the logged-in user was part of the Administrators role.
The “problem” I am facing is that if the login is not allowed to load a partial view, the browser displays a login dialog asking for user credentials. Closing the dialog without entering any credentials leads to the expected results - partial viewing does not load until the rest of the page does. Cool but annoying. Enter the wrong credentials and you will get error 401 - as expected.
If this helps: IIS does not enable anonymous authentication, Windows Authentication is enabled. "Automatic login with current username and password" is selected in "Internet Options" in the "Security Settings - Local Intranet Zone" section.
My question is this: is there a way to use the [Authorize] action filter to load a partial view (or for something, really) without a browser asking me to log in? Just have the current logged in credentials, check if they match the action filter, if they do, upload a partial view, if not, then no. If this does not happen, is there simply the best way to do what I want to do here?
UPDATE
Beautiful. I read the solution to the question that you sent, Mystere Man, created a new class inside the Controller folder called IntranetAuthorizeAttribute.cs, abandoned the code:
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
    public class IntranetAuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
        {
            if (filterContext.HttpContext.Request.IsAuthenticated)
            {
                // Known user without the required role: answer 403 instead of a 401 challenge.
                filterContext.Result = new System.Web.Mvc.HttpStatusCodeResult(403);
            }
            else
            {
                // Not authenticated yet: keep the default 401 behaviour.
                base.HandleUnauthorizedRequest(filterContext);
            }
        }
    }
Replaced the Authorize filter with the new IntranetAuthorize filter:
    [IntranetAuthorize(Roles = "Admins")]
    public ActionResult LoadAdminTools()
    {
        return PartialView("_AdminToolsPartialView");
    }
And now it loads the page just fine with no browser dialog box - with the partial view when it is an authorized user, and without the partial view when it is not an authorized user =)
Thanks!
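A variant of the filter from the update, written here as an added example and not the poster's code: it separates the child-action case (`@Html.Action`) from a direct request to the action URL, so an authenticated user who lacks the role gets no partial output on the page and a 403 when requesting the action directly. The names `IntranetChildAuthorizeAttribute` and `ControllerNameController` are hypothetical; the role and view names are the ones used in the question.

```csharp
using System;
using System.Web.Mvc;

// Added example: class name is hypothetical, not from the original post.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class IntranetChildAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.Request.IsAuthenticated)
        {
            // No Windows identity on the request yet: keep the default 401
            // so IIS and the browser can complete Windows Authentication.
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        if (filterContext.IsChildAction)
        {
            // Invoked through @Html.Action while rendering a parent view:
            // EmptyResult writes no markup and sets no status code, so the
            // parent page renders normally without the admin section.
            filterContext.Result = new EmptyResult();
        }
        else
        {
            // Direct request to the action URL by an authenticated user who
            // lacks the role: refuse with 403, which does not trigger the
            // browser's credential dialog the way a 401 challenge does.
            filterContext.Result = new HttpStatusCodeResult(403);
        }
    }
}

// "ControllerName" is the placeholder controller name used in the question.
public class ControllerNameController : Controller
{
    [IntranetChildAuthorize(Roles = "Admins")]
    public ActionResult LoadAdminTools()
    {
        return PartialView("_AdminToolsPartialView");
    }
}
```

The role check still runs on the server for every invocation, so hiding the section in the page is never the only control protecting the admin tools.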