When I create an ASP.NET MVC 5 web project, I check the account controller and find the following code:

    [Authorize]
    public class AccountController : Controller
    {
        public AccountController()
            : this(new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext())))
        {
        }

        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        // ... rest of the controller omitted
    }

where they indicate [Authorize] at the controller level and [AllowAnonymous] at the action method level. I thought that ASP.NET MVC would first check all the action filters at the controller level and, if they succeed, proceed to call the action method. But it seems that this is not the case, because anonymous users can call the Login action method even though [Authorize] is specified at the controller level. So what's the scenario here?
Thanks
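
An added example, not part of the original post or the project template: in MVC 5, `AuthorizeAttribute.OnAuthorization` returns without checking the user when `[AllowAnonymous]` is defined on the action or its controller, which is why `Login` is reachable under a controller-level `[Authorize]`. The reflection audit below applies the same rule to list every action an unauthenticated user can reach; `SampleAccountController` and `AnonymousActionAudit` are hypothetical names, and it assumes a reference to System.Web.Mvc and no globally registered authorization filter.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Constructed sample with the same attribute layout as the template's AccountController.
[Authorize]
public class SampleAccountController : Controller
{
    [AllowAnonymous]
    public ActionResult Login(string returnUrl) { return new EmptyResult(); }

    public ActionResult Manage() { return new EmptyResult(); }
}

public static class AnonymousActionAudit
{
    // Same rule AuthorizeAttribute.OnAuthorization applies: [AllowAnonymous] on the
    // action or its controller makes the built-in [Authorize] filter return without
    // checking the user. An action with no [Authorize] anywhere is also open.
    // Assumption: no AuthorizeAttribute is registered in GlobalFilters.Filters;
    // reflection cannot see global filters.
    public static bool IsAnonymous(MethodInfo action)
    {
        Type controller = action.ReflectedType;
        bool allowAnonymous = action.IsDefined(typeof(AllowAnonymousAttribute), true)
                           || controller.IsDefined(typeof(AllowAnonymousAttribute), true);
        bool authorize = action.IsDefined(typeof(AuthorizeAttribute), true)
                      || controller.IsDefined(typeof(AuthorizeAttribute), true);
        return allowAnonymous || !authorize;
    }

    // Lists Controller.Action for every action an unauthenticated user can reach.
    public static IEnumerable<string> AnonymousActions(Assembly assembly)
    {
        return from type in assembly.GetTypes()
               where typeof(Controller).IsAssignableFrom(type) && !type.IsAbstract
               from method in type.GetMethods(BindingFlags.Public | BindingFlags.Instance)
               where !method.IsSpecialName
                  && !method.IsDefined(typeof(NonActionAttribute), true)
                  // Skip methods inherited from Controller/ControllerBase/Object.
                  && !method.GetBaseDefinition().DeclaringType.IsAssignableFrom(typeof(Controller))
               where IsAnonymous(method)
               select type.Name + "." + method.Name;
    }

    public static void Main()
    {
        foreach (string name in AnonymousActions(Assembly.GetExecutingAssembly()))
            Console.WriteLine(name);
    }
}
```

Running the audit as a unit test against the web project's assembly and comparing the result to an approved list catches an action that becomes anonymous by accident.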