2

I have an ASP.NET MVC5 application that I need to configure to work with ADFS, so I'll be choosing Organizational Accounts authentication and use the tooling to make this work. This will prevent access to the site unless the user gets a token from ADFS.

Is there a way to make some route (ex: /home/index) accessible by anonymous users and only redirect users to the ADFS login page once they access a restricted area?

Kassem
  • 8,116
  • 17
  • 75
  • 116

3 Answers3

3

If you use Visual Studio wizard to enable Organizational Accounts authentication (i.e. ADFS), then in your web.config you will find inside your the following config:

<authorization>
   <deny users="?" />
</authorization>

Remove this, to enable the [Authorize] and [AllowAnonymous] attributes in your controller action method.

Otherwise, your [AllowAnonymous] will be overridden by the config which deny all users on all pages.

Felix
  • 336
  • 2
  • 6
1

Did you put [Authorize] across the whole class?

Then add [AllowAnonymous] across the ActionResult.

Refer: ASP.NET MVC 4 and the AllowAnonymous attribute

rbrayb
  • 46,440
  • 34
  • 114
  • 174
0

The [AllowAnonymous] attribute should do the trick, it can be put on an action or a controller.

Perhaps see MSDN

matt_lethargic
  • 2,706
  • 1
  • 18
  • 33
  • 1
    Nope, that did not work. I guess this attribute works when you've set the authentication mode to something other than `None` in `system.web` section. While in the case of WIF, the FAM and SAM modules are what manages the authentication and authorization. But that's just a guess... – Kassem Jun 05 '14 at 13:50