ASP.NET MVC Authenticate

Question

is it possible to create something like this i ASP.NET MVC beta 1

i have tried but the

override bool OnPreAction(string actionName, 
                          System.Reflection.MethodInfo methodInfo)

does not exsist anymore and

override void OnActionExecuting(ActionExecutingContext filterContext)

don't give me access to the action name

Answer 1

In the blogpost you are referring to, the author states that

One way to solve this problem is by using the attribute based security as shown on this post. But then you will have to decorate your actions with the security attribute which is not a good idea.

I think it's a perfectly fine way to go about it and it is supported by the framework. It will give you a nice declarative implementation. Check out the AuthorizeAttribute in System.Web.Mvc. It will allow you to do something like this:

[Authorize(Roles="Admin, Editor")]
public ActionResult Delete(int id){
    (...)
}

Since the Delete action alters the state of your system, I would also add an AcceptVerbs attribute like so:

[AcceptVerbs(HttpVerbs.Post)]
[Authorize(Roles="Admin, Editor")]
public ActionResult Delete(int id){
    (...)
}

This will make sure that the action will not accept GET requests.

Answer 2

Create a custom attribute

Answer 3

i would like a way to do it so i don't need to decorate my actions

Answer 4

What is the reasoning for not wanting to decorate your actions with an authorization attribute? Sorry, but I think I'll have to understand your situation better, if I am to try to provide a better answer than the one already given.