0
votes

I've already tried Use Anonymous authentication in MVC4 on single controller when the whole application uses Windows Authentication and IIS Mixed Anonymous and Windows Authentication, no such luck so far getting what I need to happen.

We have an MVC app on our network. Internally, it should use windows authentication, and we use an [AuthorizeByRole(param[] Role roles)] Attribute on many of our views / controllers.

However, we also need for external users to be able to access the app. We have contractors and physicians that don't have AD credentials, plus the mobile app uses an anonymous backend API.

What I need to happen:

- Internal users: auto login using Windows authentication, nice and simple.
- External users: challenge for Windows credentials (which it does); if they hit cancel, they become an anonymous user, and can still view the app.

What happens now: Hitting cancel causes them to be redirected to the standard asp.net 401 page, rather than seeing the Guest page. Also, the mobile backend just automatically gets a 401, and can't hit the API at all.

Any thoughts?

more information

Here is a sample solution I have

In my web.config, I have:

    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>

In IIS, I have authentication settings

In my API controller, I put [AllowAnonymous] on both the controller and my GetKey method. On my phone, I go to /api/Auth/GetKey, and I'm challenged for AD credentials. When I hit cancel, I'm redirected to a 401 page.


2 Answers

1
votes

If the Controller is decorated with an [Authorize] Attribute, you can exclude individual methods, within that Controller, from the Authorization by decorating them with the [AllowAnonymous] Attribute.

Read more about it here.

On the other hand, you could also remove the [Authorize] Attribute from the Controller and only mark methods that need Authorization with it.

0
votes

You have to decorate controller actions individually instead of the entire controller. Use [Authorize] for actions that only AD users can perform and leave the others undecorated for anonymous users.
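The following is an added example, not code from the question or either answer, that puts both answers side by side and also addresses why the poster's `[AllowAnonymous]` never took effect. With `<deny users="?" />` in the web.config `<authorization>` section, ASP.NET's UrlAuthorizationModule rejects every unauthenticated request with a 401 before the MVC or Web API filter pipeline runs, so no attribute on a controller can override it. The example therefore assumes that element has been removed (or scoped to a `<location>` that excludes the anonymous paths), that IIS has both Anonymous Authentication and Windows Authentication enabled, and that `<authentication mode="Windows" />` stays. Namespace, controller names, the `DOMAIN\Clinicians` group and the returned key are placeholders:

```csharp
// Added example (not from the original post): MVC 4 controllers that let
// Windows-authenticated and anonymous users coexist.
//
// Assumed environment:
//   - IIS: Anonymous Authentication AND Windows Authentication enabled.
//   - web.config keeps <authentication mode="Windows" /> but has NO
//     <deny users="?" /> under <authorization>; UrlAuthorizationModule would
//     otherwise return 401 before any controller attribute is evaluated.
using System.Web.Http;   // Web API: ApiController and its own Authorize/AllowAnonymous
using System.Web.Mvc;    // MVC: Controller and its own Authorize/AllowAnonymous

namespace MixedAuthSample.Controllers   // placeholder namespace
{
    // Option A (first answer): lock the whole controller, then open single actions.
    [System.Web.Mvc.Authorize]
    public class HomeController : Controller
    {
        // Served to anonymous callers; no challenge is issued for this action because
        // the AllowAnonymous filter short-circuits the controller-level Authorize filter.
        [System.Web.Mvc.AllowAnonymous]
        public ActionResult Guest()
        {
            // False for an anonymous request, true for an intranet user who was
            // signed in transparently by Windows authentication.
            ViewBag.IsWindowsUser = User.Identity.IsAuthenticated;
            return View();
        }

        // Inherits [Authorize]: an anonymous request gets 401 from the filter, IIS
        // adds the Negotiate/NTLM challenge, and the browser prompts for credentials.
        public ActionResult Index()
        {
            ViewBag.UserName = User.Identity.Name;   // DOMAIN\user
            return View();
        }
    }

    // Option B (second answer): leave the controller undecorated and mark only the
    // actions that require AD credentials.
    public class ReportsController : Controller
    {
        public ActionResult Public()
        {
            return View();
        }

        // Placeholder AD group; restricts the action to members of that group.
        [System.Web.Mvc.Authorize(Roles = @"DOMAIN\Clinicians")]
        public ActionResult Confidential()
        {
            return View();
        }
    }

    // The mobile backend from the question. Web API has its own attribute types in
    // System.Web.Http; applying the System.Web.Mvc ones to an ApiController does
    // nothing, which is the reason for the fully qualified names in this file.
    [System.Web.Http.AllowAnonymous]
    public class AuthController : ApiController
    {
        // GET /api/Auth/GetKey
        [System.Web.Http.HttpGet]
        public string GetKey()
        {
            return "placeholder-key";   // constructed value, not a real key
        }
    }
}
```

Once the web.config deny rule is gone, the behaviour becomes what the question asks for on the server side: requests to undecorated or `[AllowAnonymous]` actions are served under the anonymous identity, and the Windows challenge fires only when a request reaches an `[Authorize]` filter. The one thing this does not change is the browser's reaction to a cancelled challenge: cancelling leaves the browser on the 401 response for that protected URL, so the anonymous "guest" experience has to come from actions that never issue a challenge in the first place.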