ASP.NET MVC: CAN THE AUTHORIZEATTRIBUTE BE OVERRIDDEN?

Chintoo Semi

Total Post:135

Points:947
Posted by  Chintoo Semi

As this is an internal application most of the pages are private and only viewable to the role "Admin". As I have a base controller I can do this:

[Authorize(Roles="Admin")]
public abstract class MyControllerBase : Controller
{
     // ...
}

I have a problem though as some of the actions are viewable on a public website and if I attribute them like so:

[Authorize(Roles = "Public")]
public class LoginController : MyControllerBase
{
      public ActionResult Index()
      {
            return View();
      }
}

The page fails to load as the user isn't authenticated. It would seem the Role of "Public" is being ignored on the inherited class. Does anyone know if the roles can be overridden by inherited classes?

I am also trying to avoid attributing all the controllers with Roles="Admin".

  1. john rob

    Post:108

    Points:756
    Re: ASP.Net MVC: Can the AuthorizeAttribute be overridden?

    Well in the end I think my answer was in the question. Instead of putting the Authorize attribute on my base controller I have derived a new AdminController.

    [HandleError]
    public abstract class MyControllerBase : Controller
    {
        // ...
    }

    [Authorize(Roles="Admin")]
    public abstract class AdminControllerBase : MyControllerBase
    {
        // ...
    }

    Now any controllers that require authentication can derive from AdminControllerBase while my public controllers can derive from MyControllerBase. OO to the rescue.
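
Added example, not part of either post: a console sketch of why the "Public" role in the question looked ignored and why the answer's split into two base classes works. `RequireRolesAttribute` is a hypothetical stand-in declared with the same usage flags as `System.Web.Mvc.AuthorizeAttribute` (inherited, multiple allowed); `OpenControllerBase`, `PublicLoginController`, `ReportsController` and the sample users are constructed for illustration, and the "all attributes must pass" rule assumes MVC's behaviour of running every authorization filter it finds.

```csharp
using System;
using System.Linq;

// Hypothetical stand-in for System.Web.Mvc.AuthorizeAttribute: same usage
// flags (inherited, multiple allowed), role check reduced to a string match.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method,
                Inherited = true, AllowMultiple = true)]
sealed class RequireRolesAttribute : Attribute
{
    public string Roles { get; set; } = "";

    // Passes when the user holds at least one of the comma-separated roles.
    public bool IsSatisfiedBy(string[] userRoles) =>
        Roles.Split(',').Select(r => r.Trim()).Any(r => userRoles.Contains(r));
}

// Layout from the question: the derived attribute is added to the base one.
[RequireRoles(Roles = "Admin")]
abstract class MyControllerBase { }
[RequireRoles(Roles = "Public")]
class LoginController : MyControllerBase { }

// Layout from the answer: the requirement sits on a separate admin base.
abstract class OpenControllerBase { }
[RequireRoles(Roles = "Admin")]
abstract class AdminControllerBase : OpenControllerBase { }
class PublicLoginController : OpenControllerBase { }
class ReportsController : AdminControllerBase { }

static class Demo
{
    // Collect attributes from the type and its ancestors; all must pass.
    static bool IsAllowed(Type controller, params string[] userRoles) =>
        controller.GetCustomAttributes(typeof(RequireRolesAttribute), inherit: true)
                  .Cast<RequireRolesAttribute>()
                  .All(a => a.IsSatisfiedBy(userRoles));

    static void Main()
    {
        // Constructed users: one in "Public" only, one anonymous, one admin.
        Console.WriteLine("question, Public user : " + IsAllowed(typeof(LoginController), "Public"));
        Console.WriteLine("question, both roles  : " + IsAllowed(typeof(LoginController), "Public", "Admin"));
        Console.WriteLine("answer, anonymous     : " + IsAllowed(typeof(PublicLoginController)));
        Console.WriteLine("answer, reports anon  : " + IsAllowed(typeof(ReportsController)));
        Console.WriteLine("answer, reports admin : " + IsAllowed(typeof(ReportsController), "Admin"));
    }
}
```

In the question's layout the derived attribute stacks on top of the inherited one, so a request has to satisfy both role requirements; in the answer's layout a public controller inherits no requirement at all, while everything under `AdminControllerBase` stays restricted.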
