Is there a way I can set [Authorize (Roles = "admin")] for every action in the MVC controller

Question

Is there a way I can set [Authorize (Roles = "admin")] for every action in the MVC controller

I have the following:

[Authorize(Roles = "admin")]

I configure it for every action on my controller. However, is there a way to do this globally for the controller?

+4

asp.net-mvc asp.net-mvc-3

Samantha JT Star Nov 08 '11 at 12:55

source share

3 answers

If you tag the controller with an attribute, all action methods in the controller are limited.

+1

Arseny Nov 08 '11 at 12:58

source share

Yes, all you have to do is put this attribute at the top of the class where you make it a declaration.

 [Authorize(Roles = "admin")] public class TheController : Controller

When you do this, all actions on this controller will be checked for the administrator role.

+1

ptfaulkner Nov 08 '11 at 12:59

source share

jgauffin · Accepted Answer · 2011-11-08T12:58:27+0000

 [Authorize(Roles = "admin")] public class AdminController : Controller { }

The attribute also works on controllers.

You can even create a base controller and set an attribute on it (and therefore get the same authorization on all derived controllers)

 [Authorize(Roles = "user")] public class BaseController : Controller { } public class NewsController : BaseController { } public class ForumController : BaseController { [HttpPost, Authorize(Roles="admin")] public ActionResult Delete(int id) { } }

Update

First question: you can put [HandleError] in your base controller to get MVC error handling in all controllers. I just wrote a blog post describing it.

Second question: Yes. Put the most specific [Authorize] attribute on the action. (for example, allow "users" in the base controller and "administrators" in the "Edit" action).

Is there a way I can set [Authorize (Roles = "admin")] for every action in the MVC controller

More articles: