4

My ASP.NET MVC application is using Forms authentication with [System.Web.Mvc.Authorize] . I would like to use [System.Web.Http.Authorize] attribute to protect my Web API controller and because i'm calling it with HttpClient from my MVC controller I've have implemented a custom delegating handler like the one in the following post:

ASP.NET MVC 4 Web API Authentication with Membership Provider

When debugging i can see that the principal is set and the user has right roles but still I'm being redirected to the login page?

So basically when i log in and visit the WebAPI action with browser everything works (as would if i use AJAX from my views), but when i use HttpClient inside my controller (which i know is a new request with different context) with Basic authentication and set the principal i always get redirected.

I've tried so many solutions/workarounds and i'm always redirected to login page. Anyone has an idea.

Community
  • 1
  • 1
Matija Grcic
  • 12,963
  • 6
  • 62
  • 90
  • So, when you have logged in, did you verify in the delegating handler that the login cookie is sent for each request. If so, it should authorize you – Saravanan May 23 '14 at 03:54

1 Answers1

1

Here's an explanation:

System-web-http-authorize x System-web-mvc-authorize

Another interesting point is you use your custom authorization. I did it and it worked. Following example:

Customized authorization Mvc 4

Good Luck

Community
  • 1
  • 1
Fernando Arce
  • 332
  • 2
  • 14