forum

Home / DeveloperSection / Forums / ASP.Net MVC: Can the AuthorizeAttribute be overriden?

Ask Question

ASP.Net MVC: Can the AuthorizeAttribute be overriden?

Anonymous User188221-May-2015

As this is an internal application most of the pages are private and only viewable to the role "Admin". As I have a base controller I can do this:

[Authorize(Roles="Admin")]
publicabstractclassMyControllerBase : Controller
{
     ...
}

I have a problem though as some of the actions are viewable on a public website and if I attribute them like so:

[Authorize(Roles = "Public")]
publicclassLoginController : MyController
{
      public ActionResult Index()
      {
 
      }
}

The page fails to load as the user isn't authenticated. It would seem the Role of "Public is being ignored on the inherited class. Does anyone know if the roles can be overridden by inherited classes?

I am also trying to avoid attributing all the controllers with Roles="Admin"

asp.netasp.net mvc mvc authorization 
Updated on 21-May-2015
Anonymous User

Anonymous User

Follow
I am a content writter !

Can you answer this question?

Answer

1 Answers

Anonymous User

Anonymous User

21-May-2015

Well in the end I think my answer was in the question. Instead of putting the Authorize attribute on my base controller I have derived a new AdminController.

[HandleError]
publicabstractclassMyControllerBase : Controller
{
...
}
 
[Authorize(Roles="Admin")]
publicabstractclassAdminControllerBase : MyControllerBase
{
....
}

Now any controllers that require authentication can derive from AdminControllerBase while my public controllers can derive from MyControllerBase. OO to the rescue.

Liked By