+2  A: 

Do not reinvent AuthoriazeAttribute. Your version won't handle cached actions; the built in AuthorizeAttribute will. If you need to customize your authentication, then customize the membership provider or subtype AuthorizeAttribute, rather than reinventing MVC security.

Craig Stuntz  2010-01-12 17:01:54
But i think I should be using the default Membership / Role providers. I have a custom part which defines allowed Pages for the default RoleProvider roles. I need to hook this custom part up with the default authentication but I have no idea on what to implement/where this should go...?
Ropstah  2010-01-12 18:20:07
Be aware that Microsoft already has AzMan/AuthorizationManager which can map groups to roles. That said, if it won't work for you, you can subtype `AuthorizeAttribute` and override `AuthorizeCore`. Be *very* aware that your code here must be (1) fast and (2) thread-safe. Read the comments in the MVC source. But I'd probably pick AzMan instead.
Craig Stuntz  2010-01-12 18:25:27
I think i can go with AzMan. However I'm not able to find any easy implementations around on the web... Isn't there quite a bit of work involved here?
Ropstah  2010-01-12 18:34:02
sidenote: I need the User (creation) / Page (creation) / Role (management: authorization to pages) in a webbased admin solution... So I'd like to avoid having to use servertools, windows users etc..
Ropstah  2010-01-12 18:37:23
For AzMan there's a role provider for ASP.NET which should "just work" with MVC. But the admin interface is a MMC snapin.
Craig Stuntz  2010-01-12 18:56:43
So that means I'm better off using a custom AuthorizeAttribute. Does this mean I have to add this attribute to every controller action?
Ropstah  2010-01-12 19:03:58
You can add it to a base controller class and it will apply everywhere.
Craig Stuntz  2010-01-12 19:47:03
Nice, classattribute ;), you've helped me a lot, thanks!
Ropstah  2010-01-12 20:24:45

related questions

What are the most important functional differences between C# and VB.NET?
Setting Group Type for new Active Directory Entry in VB.NET
ASP.Net Datagrid: in Footer calculate Avg or Sum for column
Opening a file in my application from File Explorer
HTML Email Editor in a Windows Forms Application
Datatables, Dataviews and distincts! (ASP.Net/VB)
Naming convention for VB.NET private fields
Visual Studio - new "default" property values for inherited controls
Change the width of a scrollbar
Is String.Format as efficient as StringBuilder
Default Form Button in FireFox
VB.NET - IsNothing versus Is Nothing
'Break' equivalent keyword for VB
What is the best way to wrap time around the work day?
Best SVN Client Ignore Pattern for VB.NET Solutions?
Long-time LAMP Developer moving to VB.NET
What's the best way to find long-running code in a Windows Forms Application
What is the best way to deploy a VB.NET application?
'Best' Diff Algorithm
Setting Objects to Null/Nothing after use in .NET
CSV File Imports in .Net
How do you migrate a large app from VB6 to VB .net ?
Floating Point Number parsing: Is there a Catch All algorithm?
Decoding T-SQL CAST in C#/VB.net
Reliable Timer in a Console Application