MVC Authorization Route

Question

So, I'm using the ASP.NET SimpleMembershipProvider user, roles and authorization structure. This controller requires the user is logged in, so that when it acesses this page while logged off, the login page appears.

[Authorize]
public class CompanyController : Controller
{
//stuff...
}

For this page, I want restricted access only to admins, so here it goes

[Authorize(Roles = "Admin")]
public class UserManagementController : Controller
{
//fields, methods, etc...
}

But when I try to access it logged off or logged in with a user account not in the "Admin" role, it shows the login page, but I wanted a custom page telling the user that page has restricted access and he does'nt have the credentials. How to do it, I mean without having to resort to if's and redirects in every method, that would blow the point of authorization atributes.

Thanx

possible duplicate of [ASP.NET MVC - How to show unauthorized error on login page?](http://stackoverflow.com/questions/1498727/asp-net-mvc-how-to-show-unauthorized-error-on-login-page) — RyanB, May 30 '14 at 20:45
possible duplicate of [Why does AuthorizeAttribute redirect to the login page for authentication and authorization failures?](http://stackoverflow.com/questions/238437/why-does-authorizeattribute-redirect-to-the-login-page-for-authentication-and-au) — Guvante, May 30 '14 at 20:47
The accepted answer in @RyanB's response will solve your issue. — xDaevax, May 30 '14 at 20:50
If you take a look at the accepted answer in the comment @RyanB left it will solve your issue. From the custom attribute, you can look at the role name and respond according to the role. — xDaevax, May 30 '14 at 20:51

score 0 · Answer 1 · answered May 30 '14 at 21:06

0

You can put authorization attributes on methods NOT just the class for more fine grained control.

answered May 30 '14 at 21:06

Thomas

1,177
1
14
26

MVC Authorization Route

1 Answers1