tags:

views:

1540

answers:

3
+1  Q: 

ASP.NET MVC Roles Authorization

I want to make the roles default for my controller class to "Administrators, Content Editors"

[Authorize(Roles = "Administrators, Content Editor")]

I've done this by adorning the controller with the attribute above. However, there is one action that I want to be available to all (namely "View"). How can I reset the Roles so that everyone (including completely unauthorized users) have access for this action.

Note: I know I could adorn every single action other action with the authorize attribute above but I don't want to have to do that all the time. I want all of the controllers actions to be unacessible by default so that if anyone adds an action they have to make a considered decision to make it available to the general public.

Cheers...

A: 

The only solution I can think of so far is to create and register another controller so that I have one for anonymous access, and one for authorized access but that's not quite as elegant as I would have liked.

Owen Thomson  2009-04-23 08:15:50
+1  A: 

You can place the Authorize attribute on the action methods. Not just at the class level.

So, move the attribute from the controller class to just the action methods you want to secure.

Kieron  2009-04-23 08:21:51
Hi Kieron, thanks for the response. As the Note part of my question stated I'm aware this is possible but I want the default for the controller actions to be unaccessible without having to adorn them with the authorize attribute.
Owen Thomson  2009-04-23 08:26:16
+1  A: 

So are you wanting something like http://stackoverflow.com/questions/780436?

dave  2009-04-23 11:01:46
Yup - looks about right ... wish this was inbuilt to the std controllers but not a big effort to code for. Thanks for linking me up.
Owen Thomson  2009-05-16 11:24:27

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data