security context

Topics: MVC, Troubleshooting
Jan 27, 2011 at 9:42 PM

I not found how separate security context on frontend & console

i explane: Authorization is required but users are not from CMS

Jan 28, 2011 at 12:58 AM

You can implement Forms Authentication which will not conflict with the C1 console at all. There are plenty of articles out there how to implement simple forms authentication, here is one of them :) http://msdn.microsoft.com/en-us/library/xdt4thhy.aspx.

Another possibility is of course to use the already built Extranet module from Composite http://www.composite.net/C1/Offerings/Modules/Commercial-Modules.aspx.

Jan 28, 2011 at 10:53 AM
Edited Jan 28, 2011 at 10:53 AM

thank you for reply

I think you authentication module on console has general IPrincipal token

OK, I install MVC player and add 2 controller: Home & Account. In action on Home controller I set Authorize attribute and in web.config add section authentication, but when I trie view action as unauthorized user I got error, from MVC player, becouse was retrieved empty response.

I found solution, but I not like this:

public class MyAuthorize : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var loginUrl = "~/Account/LogOn?ReturnUrl=" + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(loginUrl);
    }
}