Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

MVC Authorize attribute deny

I'm using the Authorize() attribute to secure my controllers/actions and want to only display the Login action to unauthenticated users - or to put it another way, deny access to authenticated users.

I haven't been able to find anything on the web dealing with either denying permission or allowing negative permissions (ie !LoggedIn)

Can someone please point me in the right direction?

MVC2, .Net 4

EDIT: To clairfy, I want something like this:

Public Class PublicController
    Inherits ControllerBase

    <Authorize()> 'Only logged-in users can logout
    Public Function Logout() as ActionResult
        Return View()
    End Function

    'Something here to indicate that only NON-authorized users should see this action
    Public Function Login() as ActionResult
        Return View()
    End Function

End Class
like image 204
Basic Avatar asked Dec 13 '22 18:12

Basic


1 Answers

Could it be as simple as this:

public class DenyAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return !base.AuthorizeCore(httpContext);
    }
}
like image 195
John Farrell Avatar answered Dec 30 '22 19:12

John Farrell