ASP.NET MVC 3 - How to Limit Areas Effectively?

Question

ASP.NET MVC 3 - How to Limit Areas Effectively?

I have an ASP.NET MVC 3 site with an admin panel (not all of us? :) - I used my own solution for a very reliable login system.

Now, on each view in the administrator controller, I need to check that the user is registered and has proper authorization, so every time I run the same verification and authorization methods on each view separately.

How can I do the same checks for all requests to a specific controller? (I mean, all checks are checked only once and in one place)

(I would also like to have an exception, so I could allow the user to use the login page of the administrator controller and beyond)

Thanks!

+4

security asp.net asp.net-mvc asp.net-mvc-3

Roman Oct 27 '11 at 8:09

source share

3 answers

What you are looking for are action filter attributes. They are mainly an attribute that you can place on the controller, which allows you to intercept calls for each action method inside the controller and is therefore ideal for security, as you can reject / accept requests: http://msdn.microsoft.com/ en-us / library / system.web.mvc.actionfilterattribute.aspx

+2

Kevin holditch Oct 27 '11 at 8:13

source share

If you want to limit the entire controller instead of separate actions, you can put the [Authorize] attribute as follows:

 [Authorize] public class PageController : Controller { ... }

+1

Ron Oct 27 '11 at 15:23

source share

Tetaxa · Accepted Answer · 2011-10-27T08:12:01+0000

Use the attribute on the controller. Either the AuthorizeAttribute standard (see this ), or write your own.

ASP.NET MVC 3 - How to Limit Areas Effectively?

More articles: