Mixing Auth Basic Authentication and Forms in ASP.NET MVC3

Question

Mixing Auth Basic Authentication and Forms in ASP.NET MVC3

I have a website with some areas that require login through forms-based authentication, using my own provider, which connects to the database.

The website is in preview mode, so I want to protect the entire site with basic auth to prevent unauthorized access before it goes live.

The problem is that the basic and auth forms are on pages that will be publicly available to go to form registers.

How can I support forms-based authentication for access to logins and access to the portal, but protect the entire site from public access until moving to live using basic auth?

+5

iis asp.net-mvc-3 basic authentication

Daveo Aug 11 '12 at 2:40

source share

1 answer

AlexC · Answer 1 · 2012-08-13T08:12:21+0000

I think you can satisfy your use case as follows.

Inside the .Net authorization rule, create an anonymous user rule.

The Authentication site includes Basic and Forms authentication. Disable all other authentication types. This should require that all users authenticate using basic authentication to use the base site, and then require that the forms go into those parts of the site that require your authentication.

Mixing Auth Basic Authentication and Forms in ASP.NET MVC3

More articles: