Home/ Questions/Q 8399779
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T21:23:49+00:00

In my MVC application I’m using WIF. I’ve added STS reference using Visual Studio

  • 0

In my MVC application I’m using WIF. I’ve added STS reference using Visual Studio built-in tool. FedUtil has generated some entries in web.config:

<microsoft.identityModel>
    <service>
      <claimsAuthenticationManager type="Social.Core.Security.RolesAwareClaimsAuthenticationManager, Social.Core" />
      <audienceUris>
        <add value="http://app.something.com/" />
      </audienceUris>
...

As you can see, additionally I’ve written custom ClaimsAuthenticationManager to add some claims to those already received from STS.

Nevertheless, in the application I have restricted page:

public class ProfileController : BaseController
{
    [Authorize]
    public virtual ActionResult Index()
    {
        // restricted area
    }
}

I’ve added AuthorizeAttribute on the restricted action. I need authentication only while entering app.something.com/profile/index. Unfortunately, now logon form shows while entering any part of the application, for example main page app.something.com.

How to correlate WIF authentication with AuthorizeAttribute and only authorize what I need ? Maybe I need to add app.something.com/profile/index somewhere in web.config or in STS ? Any clues ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When you run the Add STS reference, the wizard will add the authotization section and deny anonymous users. Remove that.

    <authorization>
  <deny users="?" />
</authorization>
    • 0