All geek questions in one place

User Authorization in ASP.NET MVC 3

I am moving an application from ASP.NET Web Forms to ASP.NET MVC 3. One of the central and critical parts is currently locked in its own directory. I prevented an unauthorized user from accessing this directory using the following in my web.config file:

<location path="home" allowOverride="false"> <system.web> <authorization> <deny users="?"/> <allow users="*"/> </authorization> </system.web> </location>

My question is how to implement the same type of security in ASP.NET MVC 3? I have a hunch that it involves setting attributes on my controller classes. However, AuthorizeAttribute looks like it only accepts a list of usernames and not authentication status (please correct me if I am wrong). I looked at a sample ASP.NET Internet application and I did not see anything special about it.

Can someone point me in the right direction?

Thanks!

+6
source share
3 answers

Right, you will use AuthorizeAttribute , for example:

  [Authorize] public ActionResult AuthenticatedUsers() { return View(); } [Authorize(Roles = "Role1, Role2")] public ActionResult SomeRoles() { return View(); } [Authorize(Users = "User1, User2")] public ActionResult SomeUsers() { return View(); }

As for the "auth status" state, I'm not sure I know what you mean. It seems that Roles will handle this authentication requirement.

+5
source

You can still authorize in web.config if you want. Most people will move their authorization permissions for actions or for the entire controller (or base controller) using the [Authorize] filter.

The authorized access filter supports roles or users of the same web.config (use * and? For "authenticated" and "anonymous")

If users and roles do not, check out this article on creating a custom authorize attribute:

ASP.NET MVC User Authorization

0
source

You use the authorize attribute to indicate which users or roles will have access to the controller (if you install the controller, these permissions will be set for all actions in this controller) or action. Take a look: http://build.mt.gov/2011/10/27/aspnet-mvc3-and-the-authorize-attribute.aspx . Rembember, which will provide your roles (from a specific user), will be RoleProvider, for example, you use asp.net web forms.

0
source

Source: https://habr.com/ru/post/908050/

More articles:


All Articles