Custom Forms Authentication + MVC3 + AuthorizeAttribute

Question

I am essentially doing is this. However, whenever I use the built in AuthorizeAttribute, the MVC framework (I\'m guessing) never looks at my principal to determine if the us

Answer 1

By default, a new MVC3 application uses the SqlMembershipProvider as the default authorization mechanism, and tries to store the details in a SQL Express db (MDF file).

So try clearing that in the web.config:

As long as you are implementing all the security objects correctly (IPrincipal, IIdentity), and decryping the forms authentication ticket on Application_AuthenticateRequest, the built-in [Authorize(Roles="RoleName")] should work for you.

In that link you posted, that is essentialy what we are doing, and it works great.