I can spin up a standard asp.net mvc 4 intranet project and decorate the controller or methods with things like:
[System.Web.Mvc.Authorize(Roles = "MyApp Users")]
I have tested it and it will work perfectly (since my domain account is a member of the "MyApp Users" in Active Directory)
However my problem/question is how do I get the same type of behavior for a "Hot Towel" application? I try decorating my breeze controller, HotTowel Controller, or any method with the same attribute and I can never authenticate... what gives?
Your help is greatly appreciated.
Finally figured it out. I hope this is of use to others.
First you must set the WindowsProvider as your roleManager like so:
<roleManager defaultProvider="WindowsProvider"
enabled="true"
cacheRolesInCookie="false">
<providers>
<add
name="WindowsProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
Then you will be able to check the roles for the user [using Roles.IsUserInRole()], and more specifically to this question use the authorize attribute. The only thing is that you will have to include the domain in the authorize attribute, like so:
[System.Web.Mvc.Authorize(Roles = "YourDomain\\MyApp Users")]
And now everything works as you would expect.