In a recent blog entry, we explained how to call an MVC Controller method from ASPX code-behind code. The demo didn't use any authorization and therefore, all methods were accessible anonymously.

When an authorization method is used, the HttpWebRequest won't be authorized and will be routed to the specified MVC login page. As most applications are using an authorization method, there are two ways of solving this:

  1. Usage of the AllowAnonymousAttribute

    This attribute marks controllers and actions to skip the authorization. With this attribute, the Controller method would look like this:

  2. Sending the AuthCookie with the request

    In this case, the authorization cookie will be sent with the WebRequest to authorize the request. The following code shows how to request the AuthCookie in order to add a newly created cookie to the HttpWebRequest:


    It is important to mention that FormsAuthentication must be enabled in this scenario: