Reputation: 10236
Authorisation exceptions
I've tagged my controller with an authority annotation but would like to exempt one of the methods... can that be done? how?
[Authorize(Roles="Admin")]
public class ProductController : Controller
{
[DEAUTHORIZE]
public ActionResult Start(int it)
{ ... }
Upvotes: 1
Views: 701
Answers (2)
Reputation: 836
In MVC 4 was introduced AllowAnonymousAttribute which tells action invoker to skip AuthorizeAttribute.
[AllowAnonymous]
Upvotes: 4
Reputation: 1039408
No, this can't be done. The standard way to achieve this is to simply move the Start action out in a separate controller. Another possibility consists into building a custom IFilterProvider which will apply the authorization attribute conditionally instead of baking it manually into the ProductController. For example NInject uses this and provides a pretty fluent syntax into configuring action filters. You can conditionally apply them based on the current context.
Upvotes: 2
Related Questions
- ASP MVC Authorize Error
- Authentication failed - System.InvalidOperationException
- Error when using [Authorize]
- Why are my MVC 4 Authorize checks throwing an exception?
- ASP.Net MVC3 Controller Authorize attribute issue
- ASP.NET MVC 3 AuthorizeAttribute
- FormsAuthentication problem
- Authorization MVC3-ASP.NET
- ASP.NET MVC 3 error when using forms authentication
- ASP.NET MVC 2 authorization problem