MVC3 authentication and anonymous users

Question

I have an MVC3 application that uses the standard accountcontroller that comes with visual studio to authenticate users.

I want to share specific parts of my program with people, much like google shares documents in google docs when you do that via email; in other words I don't want to give anyone access to the pages (In which case I could just remove the Authorize attributes) but I do want users to share pages based on a url with a hash in it, and have them skip the login.

I think I would like to generate the hash based on a page and link it to an anonymous user, which would then have to be auto-logged in if the hash is correct

How would I do that?

score 1 · Accepted Answer · answered Apr 29 '12 at 21:10

Create a table in database with shared pages information(controller, action, documentId, hash, expiresAt, etc)
Override Authorize attribute and in OnAuthorizationvalidate url params in your database.

    public class SharedAuthorize:AuthorizeAttribute  
    {  
        public override void OnAuthorization(AuthorizationContext filterContext)
        {  
            var documentHash = int.Parse(filterContext.RouteData.Values["hash"].ToString());
            if (!HashRepository.CanWeRead(documentHash,controller, action, documentId))
            {
                return false;
            }
            return true;
        }
    }

This is just an idea=))

thanks, that gave me a start. Some more googling gave me this which is basically the same but elaborates a little more: http://www.syntaxwarriors.com/2011/mvc3-custom-authorizeattribute/ which is all I need — garma, May 09 '12 at 15:38

MVC3 authentication and anonymous users

1 Answers1