mvc page using authorize and specifying roles always fails authentication
This is similar to this old issue:
I am having it with SF 8.1. I am using the default role provider.
this always fails:
[Authorize(Roles = "Administrators")]
This works if you are logged in:
Obviously I would like to specify roles to secure a few of my MVC endpoints.
Those kind of setting authentication attributes based on specific user roles is not currently supported by feather. I would suggest you to stick to the standard widget or page permissions infrastructure. Follow the link with a documentation of how this can be achieved. There is another solution - using the standard Sitefinity User roles API in case you want to guard only a specific route action. Let me know if you need any further assistance.
So I have some admin pages and api endpoints that are standard MVC, but the only way to secure them is to query the user though the sitefinity User Role API (matching the logged in user's roles with allowed roles)?
The most simple solution for your case is to extend the default "Authorize" attribute to work with Sitefinity Role base API. The attached file is a sample "RolesAuthorize" implementation that will do the trick. You just need to set the attribute to the action you want:
This does work thanks, but note without changing it will only work with "App" roles not the Backend roles defined by the app. It solves the issue I was having.