In ASP.NET MVC 3 I can put AuthorizeAttribute inside Global.asax's RegisterGlobalFilters, and it will apply to all controllers' actions. But how can I exclude some controller actions so these actions can be called without the user logging in?
EDIT:
Sorry, additional question, if I add authorize on the class, how can I exclude one action?
You can't do this with global filters. As their name indicates => they are global.
One way is to have all controllers that require authorization derive from a common base controller decorated with the [Authorize] attribute. Controllers that don't require authorization will not derive from this base controller.
Another possibility in ASP.NET MVC 3 is to write a custom IFilterProvider which, based on the context, will or will not apply the given filters. I would recommend reading the following blog post.
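Added example, not part of the original answer or of the blog post it mentions: a sketch of the custom IFilterProvider approach that applies [Authorize] to every action by default and skips it only where an explicit opt-out marker is present, so an action nobody annotated stays protected. The names AllowAnonymousAccessAttribute, AuthorizeByDefaultFilterProvider and AccountController are hypothetical; the MVC types and members used (IFilterProvider, Filter, FilterScope, ActionDescriptor.IsDefined, FilterProviders.Providers) are the ASP.NET MVC 3 ones.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical marker: opts one action, or a whole controller, out of authorization.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true)]
public sealed class AllowAnonymousAccessAttribute : Attribute { }

// Hypothetical provider: deny by default. Every action receives an AuthorizeAttribute
// unless the action or its controller carries the marker above.
public sealed class AuthorizeByDefaultFilterProvider : IFilterProvider
{
    public IEnumerable<Filter> GetFilters(ControllerContext controllerContext,
                                          ActionDescriptor actionDescriptor)
    {
        Type marker = typeof(AllowAnonymousAccessAttribute);
        bool optedOut =
            actionDescriptor.IsDefined(marker, true) ||
            actionDescriptor.ControllerDescriptor.IsDefined(marker, true);

        if (optedOut)
            yield break; // no authorization filter for explicitly public actions

        // A fresh instance per call avoids sharing attribute state across requests.
        yield return new Filter(new AuthorizeAttribute(), FilterScope.Global, null);
    }
}

public class MvcApplication : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        // Use this instead of adding AuthorizeAttribute in RegisterGlobalFilters;
        // the rest of the usual Global.asax startup code stays as it is.
        FilterProviders.Providers.Add(new AuthorizeByDefaultFilterProvider());
    }
}

// Constructed sample controller showing both cases.
public class AccountController : Controller
{
    [AllowAnonymousAccess]
    public ActionResult LogOn() { return View(); }          // reachable without login

    public ActionResult ChangePassword() { return View(); } // requires an authenticated user
}
```

The same marker also answers the follow-up in the question: put it on a single action of a controller that is otherwise protected, and only that action is exempt.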