0

I have a controller called "SomeController". I want to check if the user is logged in or if has persissions to execute any action in that controller. To do so, I read that article http://blog.wekeroad.com/blog/aspnet-mvc-securing-your-controller-actions/ and I've written my own class (a test):

public class BaseFilter : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
        }
        //here will be checking the user permissions if he's logged in
    }
}

[BaseFilter]
public class SomeController : BaseController
{
 ...
}

but as You can understand it makes an infinitive loop when I want to run any action from that controller. So, how to cope with that ?

Tony
  • 12,405
  • 36
  • 126
  • 226

1 Answers1

1

You can apply the action filter on the relevant methods instead of at the class level.

Personally I would name this something like Authorize and then apply it to the controller methods that require authorization.

[Authorize]
public ActionResult Index()
{
// Do stuff
}
Jamie Dixon
  • 53,019
  • 19
  • 125
  • 162