I have a Pages table that stores all my view urls and this table has permissions linked to the user's role. My controllers inherit of a BaseController so I was wondering where I intercept the request and then return a InvalidPermissions view.
A:
You probably want to override OnActionExecuting or OnAuthorization, depending on what is available and what you need from the request/controller context. You might also want to think about using a custom ActionFilterAttribute or deriving from AuthorizeAttribute as a means to make it more flexible for each action/controller.
tvanfosson
2009-06-26 19:43:37
How do you return the View in the OnActionExecuting method
Jon
2009-06-26 20:07:33
@Jon -- my solution was to grab the source from www.codeplex.com and go to work. This article is a bit dated might help: http://weblogs.asp.net/scottgu/archive/2008/07/14/asp-net-mvc-preview-4-release-part-1.aspx. And, yes, the attributes can be applied both to controllers and specific actions. You can even have multiple versions of the attribute applied if you set it up properly. I have some controllers that require only authenticated connections, but have actions that are further restricted by their own attributes to require certain roles.
tvanfosson
2009-06-26 20:08:01
http://www.codeplex.com/aspnet -- to be specific.
tvanfosson
2009-06-26 20:08:31
@Jon -- you set the Result property on the ActionExecutingContext passed into the method.
tvanfosson
2009-06-26 20:10:36