Hi, I would like to secure my MVC controller actions using...

[PrincipalPermission(SecurityAction.Demand, Role="Administrator")]

However, if the user is not in this role then a SecurityException "Request for principal permission failed." is thrown by the code.

There seems to be no way to handle this error; even [HandleError] won't catch it.

What I would like is a way to catch the security exceptions and then redirect the user to my Login page (or route).

Or, some way to write my own action filter that I can add to any method e.g.

[MustBeAnAdministrator]

... which would check if the user is in the correct role, and redirect them. However, I can't seem to get a redirection to work in an action filter.

Thanks.

+1  A: 

In our MVC-project we use the

<Authorize(Roles:="Administrators")>

function given by the MembershipProvider - which we fitted to our conditions. If the user is not logged in, he will be forwarded to the login screen.

Olaf Watteroth
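
An added example, not code from either post: one way to get the `[MustBeAnAdministrator]` behaviour the question asks for is to derive from `AuthorizeAttribute`, so the role check runs as an authorization filter before the action executes, and to set the redirect as the filter result. It assumes ASP.NET MVC 3 or later (for `HttpStatusCodeResult`) and a login action at `Account/LogOn`; that route and `AdminController` are assumptions.

```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical attribute; the name comes from the question, it is not a framework type.
public sealed class MustBeAnAdministratorAttribute : AuthorizeAttribute
{
    public MustBeAnAdministratorAttribute()
    {
        // Role name as written in the question. The base class performs the
        // IsInRole check in AuthorizeCore and keeps output caching from
        // serving a cached admin page to an unauthorized user.
        Roles = "Administrator";
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;

        if (user != null && user.Identity.IsAuthenticated)
        {
            // Signed in but not in the role: answer 403 instead of redirecting,
            // otherwise a non-admin user bounces between the login page and here.
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }

        // Anonymous user: setting Result short-circuits the pipeline, so the
        // action never runs. "Account"/"LogOn" is an assumed login route.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Account" },
            { "action", "LogOn" },
            // The login action should still confirm this is a local URL
            // (Url.IsLocalUrl) before redirecting back to it.
            { "returnUrl", filterContext.HttpContext.Request.RawUrl }
        });
    }
}

// Hypothetical controller showing usage.
public class AdminController : Controller
{
    [MustBeAnAdministrator]
    public ActionResult Index()
    {
        return View();
    }
}
```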