CODEWITHSUNDEEP
asp.net-mvcasp.net-mvc-3action-filter
Saeid
Saeid

Reputation: 13582

How to add AuthorizeAttribute on global level and exclude it for some Actions?

I need to check if an action have specific attribute, and I need do it in the following method :

protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) {

}

I know I can Check it here:

public override void OnAuthorization(AuthorizationContext filterContext) {

    filterContext.ActionDescriptor.IsDefined(typeof(AnonymousAllowedAttribute), true)
 ...
}

Does any one know how can I Get ActionDescriptor with System.Web.HttpContextBase object?

UPDATE

Actually I want if any of actions marked with AnonymousAllowedAttribute the AuthorizeCore method return true or if possible don't run (I mean my override method).

Upvotes: 4

Views: 3414

Answers (1)

Kirill Bestemyanov
Kirill Bestemyanov

Reputation: 11964

To do what you want you need to write and register new FilterProvider in your global.asax. Example:

public class AuthorizeFilterProvider:IFilterProvider
{
    public IEnumerable<Filter> GetFilters(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
    {
        if (!actionDescriptor.IsDefined(typeof(AnonymousAllowedAttribute), true))
            return new Filter[] {new Filter(new AuthorizeAttribute(), FilterScope.Action, 0), };
        return new Filter[0];
    }
}

global.asax:

protected void Application_Start()
    {
        ....
        RegsterFilterProviders(FilterProviders.Providers);
    }

    private void RegsterFilterProviders(FilterProviderCollection providers)
    {
        providers.Add(new AuthorizeFilterProvider());
    }

Now if any of your action is not marked [AnonymousAllowed] application think that it is marked as [Authorize]
PS: Don't forget to mark [AnonymousAllowed] your log on and register actions :)

Upvotes: 3

Related Questions