tags:

views:

73

answers:

2
+1  Q: 

MVC Authorize attribute deny

Hi,

I'm using the Authorize() attribute to secure my controllers/actions and want to only display the Login action to unauthenticated users - or to put it another way, deny access to authenticated users.

I haven't been able to find anything on the web dealing with either denying permission or allowing negative permissions (ie !LoggedIn)

Can someone please point me in the right direction?

MVC2, .Net 4

EDIT: To clairfy, I want something like this:

Public Class PublicController
    Inherits ControllerBase

    <Authorize()> 'Only logged-in users can logout
    Public Function Logout() as ActionResult
        Return View()
    End Function

    'Something here to indicate that only NON-authorized users should see this action
    Public Function Login() as ActionResult
        Return View()
    End Function

End Class
+1  A: 

I suggest you look at creating a custom ActionMethodSelectorAttribute. As described here: http://stackoverflow.com/q/2383094/148403

Clicktricity  2010-10-25 13:36:05
+1  A: 

Could it be as simple as this:

public class DenyAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return !base.AuthorizeCore(httpContext);
    }
}
jfar  2010-10-25 14:02:04
Interesting idea - The only problem is that I'm using the atributes to allow Telerik menu to securty trim my sitemap - I'm not sure if it will detect custom attributes (although I would hope so!). I'll give it a shot and get back to you in a day or so
Basiclife  2010-10-25 18:45:55
@Basiclife - It will, I'm familiar with some of their stuff, should pick up custom attributes fine. - Also this is the sort of thing you should include in your question. What kind of components your hoping to integrate this with would change the answer.
jfar  2010-10-25 18:58:21
@jfar Valid point :) and thanks
Basiclife  2010-10-26 14:26:30

related questions

What are the most important functional differences between C# and VB.NET?
Setting Group Type for new Active Directory Entry in VB.NET
ASP.Net Datagrid: in Footer calculate Avg or Sum for column
Opening a file in my application from File Explorer
HTML Email Editor in a Windows Forms Application
Datatables, Dataviews and distincts! (ASP.Net/VB)
Naming convention for VB.NET private fields
Visual Studio - new "default" property values for inherited controls
Change the width of a scrollbar
Is String.Format as efficient as StringBuilder
Default Form Button in FireFox
VB.NET - IsNothing versus Is Nothing
'Break' equivalent keyword for VB
What is the best way to wrap time around the work day?
Best SVN Client Ignore Pattern for VB.NET Solutions?
Long-time LAMP Developer moving to VB.NET
What's the best way to find long-running code in a Windows Forms Application
What is the best way to deploy a VB.NET application?
'Best' Diff Algorithm
Setting Objects to Null/Nothing after use in .NET
CSV File Imports in .Net
How do you migrate a large app from VB6 to VB .net ?
Floating Point Number parsing: Is there a Catch All algorithm?
Decoding T-SQL CAST in C#/VB.net
Reliable Timer in a Console Application