0

I'm hoping this is possible. Note that I'm NOT trying to mix the two authentication forms. My goal is to have an existing site secured as it is now with Forms authentication. I don't want Windows authentication to work in any existing pages, we use Authorize attributes to secure controllers and that should continue to function as is.

I'd like to add an MVC Area where ONLY Windows authentication will work. I was thinking of creating a new Authorize attribute subclass that will only accept Windows integrated authentication, but I'm not sure how to specify which authentication mode for the site vs. the area.

How would I configure such an application?

Andy
  • 8,432
  • 6
  • 38
  • 76

1 Answers1

1

Since MVC doesn't use the physical folder structure (except for Content, like scripts, images, css, etc.. and even then in MVC4 much of that is now virtualized in bundles), all authentication is done at the root of the site, more or less.

You would be better off creating a sub-site with it's own web.config and authentication settings rather than trying to do two forms of authentication in the same site.

Erik Funkenbusch
  • 92,674
  • 28
  • 195
  • 291
  • Yes, that was my thinking too, but I was hoping there might be some option to do this. – Andy Aug 20 '13 at 16:04
  • @Andy - There are other options as well, but they are significantly more complicated. A sub-site is just the simplest way to do it. – Erik Funkenbusch Aug 20 '13 at 16:09
  • Perhaps you could expand on those in your answer as well. I likely wouldn't go the complicated route, but for the sake of completeness if someone else has a reason to do an alternative. – Andy Aug 20 '13 at 16:12