Reputation: 24450
How to exclude one controller action from authorize filter in ASP.NET MVC 3?
In ASP.NET MVC 3 I can put AuthorizeAttribute inside Global.asax's RegisterGlobalFilters, and it will apply to all controllers' actions. But how can I exclude some controller actions so these actions can be called without the user logging in?
EDIT:
Sorry, additional question, if I add authorize on the class, how can I exclude one action?
Upvotes: 4
Views: 9278
Answers (1)
Reputation: 1038850
You can't do this with global filters. As their name indicates => they are global.
One way is to have all controllers that require authorization derive from a common base controller decorated with the [Authorize] attribute. Controllers that doesn't require authorization will not derive from this base controller.
Another possibility in ASP.NET MVC 3 is to write a custom IFilterProvider which based on the context will apply or not the given filters. I would recommend you reading the following blog post.
Upvotes: 9
Related Questions
- Excluding an action from authorization in ASP.NET MVC 2
- Exclude some actions from Authorize in ASP.net MVC
- Is it possible to disable authorization on one action in an MVC controller?
- ASP.Net MVC Authorisation action filter
- How to exclude a controller from being authenticated
- ASP MVC Authorize all actions except a few
- How to restrict access to certain actions in controller in ASP.net MVC
- Can you enable [Authorize] for controller but disable it for a single action?
- How to add AuthorizeAttribute on global level and exclude it for some Actions?
- Distinguishing controller actions using authorization filters