Reputation: 1731
Stacking Authorization in MVC3 Controller
Is it possible to stack several custom AuthorizeAttribute on a controller?
I tried doing something like this:
[IsOwner]
[IsFranchisee]
public class CartController : Controller
{
...
}
but it's behavior is erratic. Sometimes it works, sometimes it doesn't (mostly the latter).
Upvotes: 0
Views: 169
Answers (3)
Reputation: 8758
Are you sure your implementation is correct?
I'm asking because there is no guaranteed order with FilterAttributes, (which AuthorizeAttribute derives from) unless you set the Order property.
Because you said the behavior is erratic, I was thinking maybe one attribute cancels the other out. For example your user IsOwner == true, but IsFranchisee == false. Maybe whether or not permission is granted depends on which executes first?
So, you could try giving your attributes an order property and see if the behavior is still erratic
Upvotes: 1
Reputation: 82297
Usually for dynamic authorization, the controller or action is given a single [Authorize] annotation and then inside the controller or action the authorization is handled.
Upvotes: 1
Reputation: 68707
Yes you can. If you like at the source for the AuthorizeAttribute, it has AllowMultiple = true.
Upvotes: 3
Related Questions
- ASP.NET MVC Authorize user with many roles
- MVC Role Authorization
- Multiple User Roles in Authorize
- MVC Condintional Authorization
- MVC 3 dynamic authorization of multiple roles and users
- ASP.NET MVC3 view authorization design
- Centralized Authorization of Controllers and Actions (ASP.NET MVC 3)
- Authorization MVC3-ASP.NET
- How to avoid duplication of authorization code logic
- asp.net mvc authorization using roles