Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ASP.NET MVC: Opposite of [Authorise]

Tags:

asp.net-mvc

authorization

The authorize filter allows you to specified group of users that can access a controller or action:

[Authorize(Roles="Administrator")]
public class HomeController : Controller
{
    // code
}

I would like to know if it is possible to, instead, specify a group of users that cannot access a controller or action.

like image 849
ajbeaven Avatar asked Sep 04 '09 00:09

ajbeaven

People also ask

Which attribute is used to override required authentication?

. net - Override Authorize Attribute in ASP.NET MVC - Stack Overflow.

What is MVC Authorize?

In MVC, the 'Authorize' attribute handles both authentication and authorization. In general, it works well, with the help of extension to handle AJAX calls elegantly, and to distinguish between unauthorized users and those who are not logged in.

What is AllowAnonymous in MVC?

The AllowAnonymous attribute in MVC is used to skip the authorization which is enforced by Authorization Filter in MVC. [AllowAnonymous] public ActionResult NonSecured() { return View();

What is AllowAnonymous?

AllowAnonymous lets users who have not been authenticated access the action or controller. In short, it knows based on the token it receives from the client.

1 Answers

I tried creating my own AuthorizationAttribute after twk's suggestion:

public class Restrict : AuthorizeAttribute
{
    private readonly string _role;

    public Restrict(string role)
    {
        _role = role;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        if (httpContext.User.IsInRole(_role))
            return false;

        return true;
    }
}

And I use it like this:

[Restrict("Administrator")]
public class HomeController : Controller
{
    // code
}

I'm unsure whether it is correct practice but it does the job.

like image 194
ajbeaven Avatar answered Oct 25 '22 11:10

ajbeaven
Sign in to Comment

Related questions

Windows Authentication Asp.net core 2 database role authorization
Index out of range exception in FieldNameLookup.GetOrdinal when running SqlQuery EF
Antiforgery cookie in ASP.NET Core 2.0
How to obtain user's current visiting country location in .NET MVC?
Is there a session start equivalent in .Net Core MVC 2.1?
How to Post file along with form data to MVC controller using Ajax?
Excel file not being downloaded when function is called via ajax method
Why does asp.net running on .net 4.8 add a http header x-aspnet-version: 4.0.30319
Handle errors with ErrorController rather than a direct view
ASP.NET MVC and JQuery get info to controller
alternative asp.net MVC view engines
Download ASP.NET MVC reference and integrate it with local MSDN Library
How to edit and continue in Visual Web Developer 2008 Express Edition and ASP.NET MVC?
ASP.NET MVC: clearing TempData after a controller method executes
jQuery to re-enable form after a file result is returned
"__o" is not declared in Visual Studio 2008 doing ASP.NET
Posting a form and redirecting to action ASP.NET MVC
FileContentResult and international characters
ASP.NET MVC URL Routes
Two .NET projects, one DB connection string?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!