asp.net mvc 3 - Custom Forms Authentication + MVC3 + AuthorizeAttribute

Question

I am essentially doing is this. However, whenever I use the built in AuthorizeAttribute, the MVC framework (I'm guessing) never looks at my principal to determine if the user has the proper roles. It keeps trying to create a new MDF file in the app_data directory, and because it doesn't have privileged it blows up.

Is this expected behavior, and should I derive my own AuthorizeAttribute and check the principal myself?

Another weird behavior to point out is that I have two sites on the same domain for which I'm doing single sign on. On either site, I'm using the same class library to recreate my custom principal on AuthenticateRequest, and I see when debugging that the principal is getting set correctly on each site. However, site 1 (the one which authenticates to the user) uses the built-in AuthorizeAttribute, and it works perfectly, but site 2, is trying to create an MDF file when any action that has the AuthorizeAttribute is called.

Answer 1

Ok, I figured it out, I had to add this to my web config under system.webServer. This removes the HttpModule that replaces my principal.

<modules runAllManagedModulesForAllRequests="true">
    <remove name="RoleManager" />
</modules>