locked
How change individual user accounts to no authentication in mvc? RRS feed

  • Question

  • User-733224187 posted

    Hello everyone, I have an application in ASP.NET MVC where we started using individual user accounts, however as the application has evolved this mode ended up getting plastered for the application, I wonder if I can change change individual user accounts to no authentication in mvc, because that way we can make our permissions correct, but we do not want to start the application from scratch.
    Thanks in advance for the help I'm getting in the forum

    Monday, August 5, 2019 7:08 PM

Answers

  • User1520731567 posted

    Hi ecocash,

    As the upstairs said,you could add [AllowAnonymous] on action or controller.

    (Note:Anonymous properties are enabled if the site has form authentication enabled).

    [AllowAnonymous]
    public ActionResult Index()
    {
       return View();
    }

    However, if you find that the property is declared, you cannot access the Action,but instead jump to the login page of the authentication. 

    At this time, you can follow the steps below to solve the problem:

    1.First check if the application file Global.asax of the website has been authenticated and jumped. Pay attention to the special processing done in each event.

    2.If Global.asax doesn't do anything, then check if the controller's constructor has been authenticated and jumped, and whether the class inherited by the controller has been processed.

    3.The last is to check the Web.config website configuration file. Someone may add <authorization> element and set deny users="?" (reject all anonymous user access).

    Since the priority of <authorization> is greater than the AllowAnonymous attribute, the program first determines that deny user="?" after rejecting the anonymous user,

    it will skip all the authentication attributes in the Action method, causing the website to automatically jump to the login page of the authentication.

    In addition,if form authentication is already used in ASP.NET MVC,

    it is best not to set the authorization element in the configuration file.

    The authentication control should use the Authorize property and the AllowAnonymous property.

    Best Regards.

    Yuki Tao

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, August 6, 2019 3:09 AM

All replies

  • User475983607 posted

    Your question does not make sense. 

    No authentication means [AllowAnonymous] and the user does not have to login to access the Controller/Action.  Otherwise, use [Authorize] if you want to make sure the user logged.

    Monday, August 5, 2019 7:19 PM
  • User-474980206 posted

    just set  [AllowAnonymous] on the controllers you don't want to require authentication. 

    Monday, August 5, 2019 7:20 PM
  • User1520731567 posted

    Hi ecocash,

    As the upstairs said,you could add [AllowAnonymous] on action or controller.

    (Note:Anonymous properties are enabled if the site has form authentication enabled).

    [AllowAnonymous]
    public ActionResult Index()
    {
       return View();
    }

    However, if you find that the property is declared, you cannot access the Action,but instead jump to the login page of the authentication. 

    At this time, you can follow the steps below to solve the problem:

    1.First check if the application file Global.asax of the website has been authenticated and jumped. Pay attention to the special processing done in each event.

    2.If Global.asax doesn't do anything, then check if the controller's constructor has been authenticated and jumped, and whether the class inherited by the controller has been processed.

    3.The last is to check the Web.config website configuration file. Someone may add <authorization> element and set deny users="?" (reject all anonymous user access).

    Since the priority of <authorization> is greater than the AllowAnonymous attribute, the program first determines that deny user="?" after rejecting the anonymous user,

    it will skip all the authentication attributes in the Action method, causing the website to automatically jump to the login page of the authentication.

    In addition,if form authentication is already used in ASP.NET MVC,

    it is best not to set the authorization element in the configuration file.

    The authentication control should use the Authorize property and the AllowAnonymous property.

    Best Regards.

    Yuki Tao

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, August 6, 2019 3:09 AM
  • User-733224187 posted

    hello mgebhard, sorry if I did not express myself well, my problem is as follows, when we started our application in the option individual user accounts, because it was in the initial and there would be few roles to deal with, but when it evolves we need to create more roles in the project itself and insert in them the pages they could access, however we noticed that using the identy we got stuck in the project and custom authentication did not meet us 100%, so I was wondering if it is possible to revert this option of individual user accounts to none. Authentication and do everything manually our rules, we have a User table different from the UserAsp table, but every time trying to access the login view we created it redirects to the default login of identy

    https://drive.google.com/file/d/1b1FNM7PRzLgFjUK1BEpPAqAo7Wp5acga/view?usp=sharing

    Tuesday, August 6, 2019 11:39 AM
  • User475983607 posted

    we have a User table different from the UserAsp table, but every time trying to access the login view we created it redirects to the default login of identy

    Remove or comment the Identity configuration and start using your custom security.  There are several Individual Identity templates depending on what .NET version is targeted and the version of Visual Studio you are using.  If I assume OWIN, the configuration is in the App_Start/IdentityConfig.cs.

    but every time trying to access the login view we created it redirects to the default login of identy

    Cookie authentication causes the redirect not ASP.NET Identity.  Cookie authentication configuration is found in App_Start/Startup.Auth.cs.  I assume you'll want to reuse the cookie authentication to store user information between requests.  If not and you are using another framework feature like Session, then remove Cookie authentication as well.

    Tuesday, August 6, 2019 1:37 PM