Can you enable [Authorize] for controller but disable it for a single action?
I would like to use [Authorize] for every action in my admin controller except the Login action.
[Authorize (Roles = \"Administrator\"
-
You could override the OnAuthorization method of the controller
protected override void OnAuthorization(AuthorizationContext filterContext) { if ((string)(filterContext.RouteData.Values["action"]) == "Login") { filterContext.Cancel = true; filterContext.Result = Login(); } }This works but it is a hack.
Full class code used for testing:
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Mvc; using System.Web.Mvc.Ajax; namespace MvcApplication2.Controllers { [HandleError] [Authorize] public class HomeController : Controller { public ActionResult Index() { ViewData["Title"] = "Home Page"; ViewData["Message"] = "Welcome to ASP.NET MVC!"; return View(); } public ActionResult About() { ViewData["Title"] = "About Page"; return View(); } protected override void OnAuthorization(AuthorizationContext filterContext) { if ((string)(filterContext.RouteData.Values["action"]) == "Index") { filterContext.Cancel = true; filterContext.Result = Index(); } } } }
加载中...
- 热议问题