Home > DeveloperSection > Forums > ASP.Net MVC: Can the AuthorizeAttribute be overriden?
Chintoo Semi

Total Post:135

Points:947
Posted on    May-21-2015 6:55 AM

 ASP.Net ASP.NET MVC  Mvc  Authorization 
Ratings:


 1 Reply(s)
 539  View(s)
Rate this:

As this is an internal application most of the pages are private and only viewable to the role "Admin". As I have a base controller I can do this:

[Authorize(Roles="Admin")]

public abstract class MyControllerBase : Controller

{

     ...

}

I have a problem though as some of the actions are viewable on a public website and if I attribute them like so:

[Authorize(Roles = "Public")]

public class LoginController : MyController

{

      public ActionResult Index()

      {

 

      }

}

The page fails to load as the user isn't authenticated. It would seem the Role of "Public is being ignored on the inherited class. Does anyone know if the roles can be overridden by inherited classes?

I am also trying to avoid attributing all the controllers with Roles="Admin"



john rob

Total Post:108

Points:756
Posted on    May-21-2015 7:51 AM

Well in the end I think my answer was in the question. Instead of putting the Authorize attribute on my base controller I have derived a new AdminController.

[HandleError]

public abstract class MyControllerBase : Controller

{

...

}

 

[Authorize(Roles="Admin")]

public abstract class AdminControllerBase : MyControllerBase

{

....

}

Now any controllers that require authentication can derive from AdminControllerBase while my public controllers can derive from MyControllerBase. OO to the rescue.


Don't want to miss updates? Please click the below button!

Follow MindStick