Reputation: 1953
ASP.NET MVC Authorization Filter
If I register a global Authorize attribute in FilterConfig.cs so that each action method can only be accessible to authenticated users, and decorate some controllers with [Authorize(Role="Admin")] so that only admin users can access them, does authorization logic run twice on these controllers? What can I do to prevent that?
Upvotes: 1
Views: 707
Answers (1)
Reputation: 424
You can use an ASP.NET MVC "FilterProvider" provider. What this will do is help you to fetch all relevant filters from a specific controller and action.
So you can define your own provider and register that one instead of the default ones. this will give you full control over the asp.net filters and you can remove some filters based on your requirement.
Lets say we have following Controller.
[Authorize]
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
public ActionResult Whatever()
{
return View();
}
}
I think you are looking a way to do something as follows. concentrate on Index Action
[Authorize]
public class HomeController : Controller
{
[ExcludeFilter(typeof(AuthorizeAttribute))] // Excluding Authorize Important !
public ActionResult Index()
{
return View();
}
public ActionResult Admin() // will follow the declared authorize Attribute
{
return View();
}
}
If thats what you are Looking for then see this Article
Upvotes: 1
Related Questions
- Custom Authorization filter in ASP.NET MVC 5?
- Customizing authorization in ASP.NET MVC
- MVC configurable Authorization filter
- Authorization filter not working in my mvc project
- ASP.Net MVC Authorisation action filter
- how to create custom authorize filter in asp.net mvc3
- Authentication filters in MVC 5
- MVC 3 - authorization within a view
- How to create the custom authorize filter?
- create the authorize filter with parameter asp.net mvc