Allow FilterAttributes on controller and action

I would like to do this:

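    [RequiresAuthentication(CompanyType.Client)]
    public class FooController : Controller
    {
        // Covered by the controller-level filter: client users only.
        public ActionResult OnlyClientUsersCanDoThis() { return View(); }
        public ActionResult OnlyClientUsersCanDoThisToo() { return View(); }

        // Intended to override the controller-level filter for this action.
        [RequiresAuthentication]
        public ActionResult AnyTypeOfUserCanDoThis() { return View(); }
    }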

You can understand why this will not work. For the third action, the controller-level filter blocks non-clients. Instead, I would like to "resolve" conflicting filters. I would like the more specific filter (the action filter) to always win. It seems natural and intuitive.

If only the filterContext exposed the MethodInfo for the executing action. That would make it pretty easy. I thought about working it out from the route information. This will not work, because the action may be overloaded, and I cannot determine which one is current.

An alternative is to scope filters at either the controller level or the action level, but not mix them, which will create a lot of additional attribute noise.

+2
3 answers

We are exploring a way to display other filters, but no promises.

Applying a filter to a controller is not really a "region"; it is just shorthand to apply to all filters. Unfortunately, this means that you cannot include all but one of the actions. One easy way to do this is to put this method on another controller. You can even add a custom route for just one case so that the URL does not change.

+2

You can put the authorization logic in the OnActionExecuting(..) method of the controller, i.e.

    // Controller.OnActionExecuting is protected, so the override must be protected too.
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        base.OnActionExecuting(filterContext);
        // Run the filter by hand for every action on this controller.
        new RequiresAuthentication() { /* initialization */ }.OnActionExecuting(filterContext);
    }

Hope this helps,

Thomas

0

You can change the order of the filters using the general auth filter on the controller and specific authorization filters for actions. Anyway:

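    [RequiresAuthentication]
    public class FooController : Controller
    {
        // Stricter, action-level filters on the client-only actions.
        [RequiresAuthentication(CompanyType.Client)]
        public ActionResult OnlyClientUsersCanDoThis() { return View(); }

        [RequiresAuthentication(CompanyType.Client)]
        public ActionResult OnlyClientUsersCanDoThisToo() { return View(); }

        // Only the general controller-level filter applies here.
        public ActionResult AnyTypeOfUserCanDoThis() { return View(); }
    }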
0
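The "most specific filter wins" behaviour the question asks for, sketched as an added example that is not part of the question or of any answer above. It is written as an authorization filter rather than an action filter, and it assumes an ASP.NET MVC version whose AuthorizationContext exposes ActionDescriptor. The role lookup and the Vendor enum member are assumptions made for illustration.

```csharp
using System;
using System.Web.Mvc;

// Client comes from the question; Vendor is a hypothetical second company type.
public enum CompanyType { Client, Vendor }

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class RequiresAuthenticationAttribute : FilterAttribute, IAuthorizationFilter
{
    private readonly CompanyType? _required; // null = any authenticated user

    public RequiresAuthenticationAttribute() { }
    public RequiresAuthenticationAttribute(CompanyType required) { _required = required; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // Both the controller-level and the action-level instance run. Each one
        // evaluates the same effective rule, so the result does not depend on order.
        RequiresAuthenticationAttribute effective = Resolve(filterContext.ActionDescriptor);
        var user = filterContext.HttpContext.User;

        // Fail closed: without an authenticated identity nothing is allowed,
        // whatever the attributes say.
        bool allowed = user != null && user.Identity != null && user.Identity.IsAuthenticated
            && (effective._required == null
                // Assumption: the company type is exposed as a role of the same name.
                || user.IsInRole(effective._required.Value.ToString()));

        if (!allowed)
            filterContext.Result = new HttpUnauthorizedResult();
    }

    // The action-level attribute wins; otherwise fall back to the controller-level
    // one, and finally to this instance (for example when registered some other way).
    private RequiresAuthenticationAttribute Resolve(ActionDescriptor action)
    {
        Type type = typeof(RequiresAuthenticationAttribute);
        object[] onAction = action.GetCustomAttributes(type, true);
        if (onAction.Length > 0)
            return (RequiresAuthenticationAttribute)onAction[0];

        object[] onController = action.ControllerDescriptor.GetCustomAttributes(type, true);
        return onController.Length > 0
            ? (RequiresAuthenticationAttribute)onController[0]
            : this;
    }
}
```

With this resolution an action-level attribute can widen access relative to the controller default, so changes to action attributes deserve the same review as changes to the controller-level one.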
