tags:

views:

49

answers:

4
Q: 

Attributes on Areas in ASP.NET MVC 2?

The "Admin" area in my app contains a bunch of controllers, and it's a bit repetitive to put an [Authorize] attribute on all of them. Is there a way of telling the framework that all controllers in a certain area should have certain attributes?

Edit: Inheritance is not a solution in this case. First of all the controllers already inherits from a custom class, and secondly, it should be about decorating the classes, not inheriting them.

+1  A: 

You could create a base controller that all controllers in this area derive from and decorate it with the [Authorize] attribute.

Darin Dimitrov  2010-09-19 09:42:02
The inheritance chain is already busy unfortunately. :)
ciscoheat  2010-09-19 09:48:08
Oh, so you have an inheritance chain. Well then simply go to the base controller(s) and decorate :-)
Darin Dimitrov  2010-09-19 09:50:28
My base controller is shared between public and private areas...
ciscoheat  2010-09-19 09:51:35
Ouch, well, then introduce an intermediary base controller that derives from this base controller and make the controllers in the area derive from the intermediary controller (wow what a sentence :-)).
Darin Dimitrov  2010-09-19 09:53:50
I've considered that before, honestly. But to make things even more complicated, the base class is generic of type RestController<T>. So I need an AdminRestController<T> which feels outright strange, and that also doesn't cover the admin controllers that doesn't need a RestController. So I hope you understand there is a good reason for decoration, not inheritance. :)
ciscoheat  2010-09-19 10:06:33
A: 

There are four options,

  1. Create a separate base controller and make admin sectionsu inherit from it
  2. Add the Authorise Attribute to the controller class instead of each method / Actrion
  3. Decorate each on individually
  4. write your own logic for authorization and add that to your current base controller
Dusty Roberts  2010-09-19 11:51:25
+1  A: 

MVC 3 has a new feature called Global Action Filters which would be perfect for what you are doing. Since you're probably not on MVC 3 yet, you can also implement Global Action Filter in earlier versions of MVC by following this example. Just customize the solution to filter check if you are in the "Admin" area for the currently executing request, then apply your Authorize attribute.

This will allow you to do this without having to apply a common base class as you requested.

Steve Michelotti  2010-09-19 12:35:12
Great stuff, thanks!
ciscoheat  2010-09-20 08:52:28

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data