ASP.NET MVC: Override authorization filter roles for single action
Question
I have an Authorization Filter that annotates a controller class like so:
[Authenticated(Roles = "read_mail", "contact_user")]
public class MailController : Controller { ... }
However there is one action where the user needs to only one permission:
[Authenticated(Roles = "read_mail")]
public ActionResult Inbox() { ... }
As it's currently set up, only the filter that annotates the class is acknowledged and does the appropriate redirect. Is there a way to override it just for specific action or should I remove the filter from the controller and define it for every action instead?
1 answers
solution1
1 2016-03-24 17:50:22
You can influence the order in which filters are applied as described here . For your use case adding Order to your attributes probably does the trick:
[Authenticated(Roles = "read_mail", "contact_user", Order = 1)]
public class MailController : Controller { ... }
[Authenticated(Roles = "read_mail", Order = 0)]
public ActionResult Inbox() { ... }
The filter with the lowest Order will run first.
Edit
I just found out the Order won't do much good. Both filters still get executed (only in reversed order). To override the filter at controller level: Have a look at this answer .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.