Support for Authorize attribute

Imported from the CodePlex archive for reference purposes. Support for MvcCodeRouting has ended.

Commented on April 29, 2014

I just attempted to add Active Directory role based authorization to my MvcCoderouting ApiController (.NET Framework 4.0) by decorating my actions with the [Authorize(Role=@"domain\ADgroup")] attribute.

I am in an Intranet environment (Domain controller/Web Server on Domain) and have checked my web.config for the following:

<authentication mode="Windows" />
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true">
    <providers>
      <clear />
      <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
    </providers>
</roleManager>

The Authorize attribute appears to be completely ignored.

Commented on April 29, 2014 link

To rule out possible AD config issues, I added a

if(User.IsInRole(@"domain\group")) {
}

code switch at the beginning of the action just to confirm that functions properly - it does.

Commented on April 29, 2014 link

MvcCodeRouting doesn't do anything related to authorization.