0

This may be by design or it may be something I am or am not doing.

I have an MVC 4 application that the AccountController is using the Authorize attribute on. When the user is on the Login page, there is an Teller Issue Date that is used once they are logged in. I am trying to capture the change event on the Name field, which is working fine, and firing a Jquery function to get the Issue Date.

Here is the JQuery Ajax function:

function update_issue_date() {
var userName = $('#UserName').val();

$.ajax({
    type: 'GET',
    url: '/Account/GetIssueDate',
    async: true,
    data:
    {
        userName: userName
    },
    success: function(data) {
        $('#IssueDate').val(__format_date_for(new Date(data.issueDate)));
    }
});

In the AccountController I have the folowing Action:

        [AllowAnonymous]
    public ActionResult GetIssueDate(string userName)
    {
        var issueDate = DateTime.Now.Date;

        if (userName.Length > 0)
        {
            var user = userRepo.GetUser(userName);
            //var user = user_repository.get_all().FirstOrDefault(x => x.user_name == userName);
            var currentDate = DateTime.Now.Date;

            issueDate = (user == null || user.IssueDate < currentDate) ? currentDate : user.IssueDate;
        }

        return Json(new { issueDate = issueDate.ToShortDateString() }, JsonRequestBehavior.AllowGet);
    }

Here is what happens, if I have the Authorize stuff disabled in the web.config, then this function works as is should returning the proper Issue Date. But, if I have the Authorize things enabled, then the GetIssueDate Action does not seem to be fired. And I get the HTML for the Login Page.

I figure that even though I have the [AllowAnonymous] attribute on this Action, the application seems to ignore this when called from the Jquery function, and does not allow it to fire.

Is there a way around this, or perhaps another way to do what I am trying to do?

Thanks.

Ferlin Scarborough
  • 35
  • 1
  • 4
  • Welcome to StackOverflow. If an answer solves your issue, [you can accept this answer](http://meta.stackexchange.com/a/5235/170863). Then you can also upvote one or several answers with the gray up-arrow. – GG. Jul 26 '12 at 23:18
  • You should not have to *AllowAnonymous* for your Ajax call to work. If the session has been established, the session cookie will be sent with the request (you *are* using session cookies?). – Eric J. Jul 26 '12 at 23:26
  • The only thing I am aware I am doing with cookies is using the FormsAuthentication.SetAuthCookie upon login, but the user has not actually logged in at this point. You have to pardon me, still kind of new at this Web Programming stuff. – Ferlin Scarborough Jul 26 '12 at 23:28
  • Not sure if this will help, but this is what I see in the console mode in firebug: GET Http://localhost:1080/Account/GetIssueDate?userName=ferlin 302 Found – Ferlin Scarborough Jul 27 '12 at 05:39
  • How does your web.config looks like when you enable authorization? In ASP.NET MVC authorization is controlled with the `[Authorize]` attribute, not with web.config. – Darin Dimitrov Jul 27 '12 at 05:40
  • And 2 locations where users="*" for Content and Scripts. – Ferlin Scarborough Jul 27 '12 at 05:43

1 Answers1

0

You seem to be using your web.config to control authorization. That's not something that you should do in an ASP.NET MVC application. In ASP.NET MVC you use the [Authorize] attribute to decorate controllers/actions that require authorization. And its counterpart: the [AllowAnonymous] attribute.

So remove all <authorization><deny users="?" /></authorization> stuff from your web.config and then if you want all actions in your web site to require authentication except those decorated with the [AllowAnonymous] you could register the [Authorize] attribute as a global action filter. This is done in the ~/App_Start/FilterConfig.cs file:

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new AuthorizeAttribute());
        filters.Add(new HandleErrorAttribute());
    }
}

Of course in web.config you need to keep the authentication section which instructs ASP.NET that you are using forms authentication:

<authentication mode="Forms">
    <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • Sweet, that did it. I had tried removing that earlier, but I also removed the global filter, which made it go to home page instead of Login. I read some where that in order to use authorization to add those lines to my web.config, and the global filter. Apparently, that blog post was incorrect. I have accepted your answer since it worked like a charm. Again, thanks. – Ferlin Scarborough Jul 27 '12 at 05:58