Reputation: 4513
ASP.NET MVC 3 - How to restrict areas in an efficient way?
I've got an ASP.NET MVC 3 site with an admin panel (don't we all? :) - I've used my own solution for a very secured login system.
Now, on each view in the admin controller I need to make checks that the user is logged and has the proper authorization, so each time I run the same verification and authorization methods on each view separately.
How could I make the same checks for all the requests to a certain controller? (I mean, right all the checks only once and in one place)
(I also would like to have an exception, so I could allow user to use the login page inside the admin controller and outside of it)
Thanks!
Upvotes: 4
Views: 1482
Answers (3)
Reputation: 1731
If you want to limit the entire controller instead of the individual actions you could place the [Authorize] attribute like so:
[Authorize]
public class PageController : Controller
{ ... }
Upvotes: 1
Reputation: 5303
What you're looking for is action filter attributes. They are basically an attribute you can place on a controller that allows you to intercept calls to every action method within a controller and are therefore perfect for security as you can deny/accept requests: http://msdn.microsoft.com/en-us/library/system.web.mvc.actionfilterattribute.aspx
Upvotes: 2
Related Questions
- How can we set authorization for a whole area in ASP.NET MVC?
- How to protect an entire MVC Area by IP/Role/User?
- In MVC3 how to restrict access to an Area with a role-based authorization?
- ASP.Net MVC3 Areas and Security
- Suggestions on how to accomplish a specific functionality in MVC3
- ASP.NET MVC3 Areas
- Area level security for asp.net mvc
- MVC Multiple Areas MVC 3
- Forms Authentication (restrict an area)
- Limit controllers to specific area only