mvc page using authorize and specifying roles always fails authentication - Bugs & Issues - Bugs & Issues - Progress Community

mvc page using authorize and specifying roles always fails authentication

 Bugs & Issues

mvc page using authorize and specifying roles always fails authentication

  • mvc page using authorize and specifying roles always fails authentication
  • This is similar to this old issue:

    http://www.sitefinity.com/developer-network/forums/bugs-issues-/sf-5-1---mvc-page-using-authorize-and-specifying-roles-always-fails-authentication

    I am having it with SF 8.1. I am using the default role provider. 

    this always fails:

     [Authorize(Roles = "Administrators")]

    This works if you are logged in:

     [Authorize]

    Obviously I would like to specify roles to secure a few of my MVC endpoints.

    thanks,

    mark

  • Hi Mark,

    Those kind of setting authentication attributes based on specific user roles is not currently supported by feather. I would suggest you to stick to the standard widget or page permissions infrastructure. Follow the link with a documentation of how this can be achieved. There is another solution - using the standard Sitefinity User roles API in case you want to guard only a specific route action. Let me know if you need any further assistance.

    Regards,
    Kaloyan
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
  • So I have some admin pages and api endpoints that are standard MVC, but the only way to secure them is to query the user though the sitefinity User Role API (matching the logged in user's roles with allowed roles)?
  • d5a70179-d231-4c3e-a760-9aef7ee3c4ab_RolesAuthorize.zip
    Hello Mark,

    The most simple solution for your case is to extend the default "Authorize" attribute to work with Sitefinity Role base API. The attached file is a sample "RolesAuthorize" implementation that will do the trick. You just need to set the attribute to the action you want:

    [RolesAuthorize(Roles = "Authors, Administrators")]
    public ActionResult Index()
          return View("Default");

    Let me know if you have any further questions.

    Regards,
    Kaloyan
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
  • This does work thanks, but note without changing it will only work with "App" roles not the Backend roles defined by the app. It solves the issue I was having.