This blog post contains outdated information.
The cited code snippets may be workarounds, and be part of the official API in the meantime.
Sending Authorized Requests from WebForms to MVC
When calling MVC controller methods from ASPX code-behind using HttpWebRequest, authorization may block the request. Two approaches work: applying AllowAnonymousAttribute to bypass auth on the action, or forwarding the FormsAuthentication cookie with the request to authenticate properly.
In a recent blog entry, we explained how to call an MVC Controller method from ASPX code-behind code. The demo didn't use any authorization and therefore, all methods were accessible anonymously.
When an authorization method is used, the HttpWebRequest won't be authorized and will be routed to the specified MVC login page. As most applications are using an authorization method, there are two ways of solving this:
-
Usage of the AllowAnonymousAttribute
This attribute marks controllers and actions to skip the authorization. With this attribute, the Controller method would look like this:
[HttpPost] [AllowAnonymous] public bool SaveTemplate(string document) { // these are the values coming from the HTTP Post action // of the ASPX page string doc = document; // the document can now be saved in your Controller action // ... // return true, if successful return true; } -
Sending the AuthCookie with the request
In this case, the authorization cookie will be sent with the WebRequest to authorize the request. The following code shows how to request the AuthCookie in order to add a newly created cookie to the HttpWebRequest:
Uri uri = new Uri("http://" + Request.Url.Authority + "/Home/SaveTemplate"); HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri); // get the AuthCookie var authCookie = FormsAuthentication.GetAuthCookie(User.Identity.Name, true); // create a new Cookie Cookie requestAuthCoockie = new Cookie() { Expires = authCookie.Expires, Name = authCookie.Name, Path = authCookie.Path, Secure = authCookie.Secure, Value = authCookie.Value, Domain = uri.Host, HttpOnly = authCookie.HttpOnly, }; // add the AuthCookie to the WebRequest request.CookieContainer = new CookieContainer(); request.CookieContainer.Add(requestAuthCoockie);It is important to mention that FormsAuthentication must be enabled in this scenario:
<system.web> <authentication mode="Forms"/> </system.web>
Related Posts
ASP.NETJavaScriptDocument Editor
Detect Toggle Button Changes Using a MutationObserver
This article shows how to detect changes of toggle buttons in the ribbon of the web editor using a MutationObserver. The state of a toggle button in the ribbon visualizes the state of a certain…
Implementing Conditional Table Cell Colors with MailMerge
This ASP.NET MVC sample shows how to implement conditional table cell colors using the online document editor and an ASP.NET backend.
Deploying the MVC HTML5 Editor to Azure App Services
The TX Text Control HTML5-based document editor requires a backend service hosted on a dedicated Azure VM, while the ASP.NET MVC front-end application deploys to Azure App Services. TCP port 4275…
Sneak Peek X15: Copy to Local Clipboard Support in ASP.NET Version
TX Text Control X15 introduces local clipboard support for the HTML5 ASP.NET editor. A toggle switches between the server-side clipboard with full formatting and the client-side HTML clipboard.…
Sneak Peek X15: Custom Field Overlays in HTML5-based Text Control
TX Text Control X15 introduces a bounds property on fields in Web.TextControl, returned through the textFieldEntered event. Developers can position custom HTML overlays at field locations to…