1

I have an asp.net mvc application that uses forms authentication. Some users require additional information for authentication. What I would like to do is when the user enters their name use ajax to call a method on the controller with the user name. Based on the result hide or show the additional fields on the forms. The issue that I am encountering is that I get a 401.2 error (Unauthorized) when making the ajax call. The steps I have taken, based on looking at similar questions, are:

a) I have added Application_BeginRequest method and if the call is requesting the controller and method then set the SuppressFormsAuthenticationRedirect.

b) I have also added the same test and setting in the Application_EndRequest.

c) I have created a custom Attribute, AuthorizeWithAjax, and added this on the method in the controller.

Before adding the SuppressFormsAuthenticationRedirect, when the call was made, the Login form was displayed again. After adding that, the login page stays, but the ajax method gets the Unauthorized error returned. Adding the AuthorizeWithAjax attribute did not change the behavior. The AuthorizeWithAjax method is not called. If after authentication, I enter the URL the AuthorizeWithAjax attribute code is executed and the method is executed. I am missing something and would appreciate any suggestions.

Thank you.

user2997439
  • 11
  • 1

1 Answers1

1

You can place an [AllowAnonymous] tag over the method that returns data before the user has authenticated.

See this answer for more detail.

Alex
  • 66
  • 3
  • Thank you. The referenced article was helpful. I had looked at it before, but when reviewing my web.config, there was an authorize with deny="?". As in the article, I have to add the [Authorize] on the controllers. – user2997439 Nov 07 '18 at 17:49
  • I've always preferred having the authorize set globally, then place [AllowAnonymous] tags on only the methods you need. Gives you piece of mind encase you forget to add an [Authorize] tag. – Alex Nov 08 '18 at 09:02