tags:

views:

64

answers:

3
Q: 

How to check if user is authorized inside Action

Usually I protect my Actions with [Authorize] but this time I need to check if a user is authorized inside the action.

Eg

if(userIsAuthorized) {
    //do stuff
}
else {
    //return to login page
}

I believe I am using 'Forms Authentication'

This question is kind of similar to this but none of the answers given seemed to work.

EDIT: I have done some more digging- it seems if I breakpoint on an Action that has [Authorize], the User.Identity is set, but on Actions without it, the User.Identity is empty, even if I am logged in

+1  A: 

I suggest first figuring out what kind of Authorization your using. ;)

The answer you posted is correct. From what I remember poking around the [Authorize] attribute and related ActionFilter code MVC internally calls Page.User.Identity.IsAuthenticated just like those code examples.

jfar  2010-02-05 03:05:01
Double checked and it is Forms Authentication
elwyn  2010-02-05 03:22:53
+1  A: 

Request.IsAuthenticated should work for what you're trying to do.

Esteban Araya  2010-02-05 03:23:40
If I do that on an Action decorated with `[Authorize]` it works fine, however if I do that on this Action (not decorated with [Authorize]) it is always false, regardless of whether I am logged in or not.
elwyn  2010-02-05 03:26:11
+2  A: 

If you just want to know if the user is logged in:

if (User.Identity.IsAuthenticated) { ... }

If you are trying to do anything role-specific:

if (User.IsInRole("Administrators")) { ... }

The User instance is a public property of the Controller class, so you always have access to it from a Controller you write. If no user is logged in you should have a GenericPrincipal for the User and a GenericIdentity for the User.Identity, so don't worry about checking for nulls.

Aaronaught  2010-02-05 03:27:52
Again, only gives me 'true' if used within an `[Authorize]`'d Action
elwyn  2010-02-05 03:29:33
@elwyn: I don't believe that's correct. I just tested it here on an action without the `[Authorize]` attribute and `User.Identity.IsAuthenticated` is `true`. Are you sure that the session is actually logged in when you are testing this?
Aaronaught  2010-02-05 03:33:31
@Aaronaught Yes, just double (triple) checked, definantly logged in while trying that, and still see false
elwyn  2010-02-05 03:36:04
-----In my non-[Authorize]'d Action:User.Identity{System.Security.Principal.GenericIdentity} [System.Security.Principal.GenericIdentity]: {System.Security.Principal.GenericIdentity} AuthenticationType: "" IsAuthenticated: false Name: ""-----In an Authorized one:User.Identity{System.Web.Security.FormsIdentity} [System.Web.Security.FormsIdentity]: {System.Web.Security.FormsIdentity} AuthenticationType: "Forms" IsAuthenticated: true Name: "admin"
elwyn  2010-02-05 03:37:35
Sorry for lack of formatting, doesn't look like I can use tags in comments :/
elwyn  2010-02-05 03:38:37
@elwyin: Nothing I can do reproduces the behaviour that you seem to be seeing. You do not need the `[Authorize]` attribute for `User` and `User.Identity` to be valid. Do you have any other attributes on the Controller? Have you tried doing this in a new, clean MVC project, to make sure that nothing else in your app is interfering?
Aaronaught  2010-02-05 03:43:37

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data