I'm building an MVC4 application for internal use in a corporate environment. I use Windows authentication, which works fine, but I'm having trouble using Active Directory groups as roles for authorization.
My Web.config looks like this:
    <authentication mode="Windows" />
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <clear />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
    <authorization>
      <deny users="?" />
    </authorization>
When I use User authorization it works fine:
    [Authorize(Users = @"DOMAIN\User1, DOMAIN\User2")]
    public ActionResult Create()
    {
        return View();
    }
But when I use roles, it just doesn't let users in that group access this action:
    [Authorize(Roles = @"Domain\Group")]
    public ActionResult Create()
    {
        return View();
    }
I also tried specifying the group without the domain as I read in other replies, but no luck... I guess I'm missing something in the Web.config, but I'm not sure what...
I was avoiding using a custom role provider because MVC4 is supposed to achieve this without a custom role provider (or at least that's what I thought).
Can anyone help me with this?
Thanks in advance!
I found what the problem was. After reading some info about the machine.config here, I checked that I had the correct configuration applied already.
Finally I got it working just like this:
    [Authorize(Roles = "Domain\\Group")]
    public ActionResult Create()
    {
        return View();
    }
The problem was the way I typed the groups.
I hope this can help other people.
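A diagnostic for the group-name problem discussed above, as an added example that is not part of the original posts: a small console program that prints the group names carried in the current user's Windows token (the group membership that WindowsTokenRoleProvider draws its roles from) and tests candidate role strings against it. The class name, helper name and the `EXAMPLE\AppAdmins` placeholder are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Added diagnostic (not from the original posts). Run it as the affected user.
static class GroupNameCheck
{
    // Hypothetical helper: resolve every group SID in the token to its DOMAIN\Name form.
    static List<string> TokenGroups(WindowsIdentity identity)
    {
        var names = new List<string>();
        foreach (IdentityReference sid in identity.Groups)
        {
            try
            {
                names.Add(sid.Translate(typeof(NTAccount)).Value);
            }
            catch (IdentityNotMappedException)
            {
                // SID that does not map to an account name: keep the raw SID string.
                names.Add(sid.Value);
            }
        }
        names.Sort(StringComparer.OrdinalIgnoreCase);
        return names;
    }

    static void Main(string[] args)
    {
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        var principal = new WindowsPrincipal(identity);

        Console.WriteLine("User: " + identity.Name);
        foreach (string group in TokenGroups(identity))
            Console.WriteLine("  " + group);

        // Each argument is a candidate role string, e.g. EXAMPLE\AppAdmins (placeholder).
        foreach (string candidate in args)
            Console.WriteLine("{0} -> IsInRole = {1}", candidate, principal.IsInRole(candidate));
    }
}
```

Copy a group name from the output verbatim into the `Roles` value of the `[Authorize]` attribute, so the role string matches what the token reports.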