All geek questions in one place

ASP.NET MVC is an easy way to temporarily require authorization for an entire site except one page

I am creating a website with a mixture of publicly accessible pages and for members only. The login system is working as it is.

However, I would like to open a private, invited preview and temporarily require visitors to register for all activities except the welcome page.

I currently have attributes [Authorize]for certain action methods. I could add additional attributes to other methods of actions, but this is a bit hacked and makes it difficult to remove them later, when I want to return to more open content.

So, how can I effectively add the authorization requirement on the site? Recall that I want the only route to /Home/Indexremain open, so that the people I invited can read some information before activating their invitations.

+3
source share
3 answers

I think doing this in a file web.configwould be best, as it is temporary and does not require you to add any code C#or rely on roles / names, etc.

Do the following in web.config

<configuration>
      <!-- system.web is the only already in your web.config 
           don't add this, just add the authorization element
           to the existing system.web element -->
  <system.web>
     <authorization>
        <deny users="?"/>
     </authorization>
  </system.web>

  <!-- the login path -->
  <location path="Login/Index">
     <system.web>
        <authorization>
           <allow users="?"/>
        </authorization>
     </system.web>
  </location>

  <!-- welcome page -->
  <location path="Home/Index">
     <system.web>
        <authorization>
           <allow users="?"/>
        </authorization>
     </system.web>
  </location>

  <!-- static files (images, css, js etc.) folder -->
  <location path="Content">
     <system.web>
        <authorization>
           <allow users="?"/>
        </authorization>
     </system.web>
  </location>

</configuration>

<authorization> / . <location> ( , ).

, path .

location " MSDN" .

+3

- . , , , , , , .

public class PreviewAuthAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        base.OnActionExecuting(filterContext);

        // if site is live, show page 
        if (Data.Settings.IsLive) return;

        // if request is from localhost or build server, show page
        if (filterContext.HttpContext.Request.IsLocal) return;
        if (filterContext.HttpContext.Request.UserHostAddress.StartsWith("192.168.0")) return;

        // if user has has alpha or admin role, show page
        if (filterContext.HttpContext.Request.IsAuthenticated && (filterContext.HttpContext.User.IsInRole("Alpha") || filterContext.HttpContext.User.IsInRole("Admin"))) return;

        // site is not live and user does not have access - show placeholder

        filterContext.Result = new ViewResult()
        {                
            ViewName="Placeholder",
            ViewData = filterContext.Controller.ViewData,
            TempData = filterContext.Controller.TempData
        };
    }

}
+2

You can configure the Authorize attribute, and your user list for the private beta should go through some logic. Just remove the setting when you publish it.

Stack overflow answer on how to configure the Authorize attribute

Take a look at the answer containing AuthorizeOwnerAttribute .

+1
source

Source: https://habr.com/ru/post/1786241/

More articles:


All Articles