4

I've got an ASP.NET MVC 3 site with an admin panel (don't we all? :) - I've used my own solution for a very secured login system.

Now, on each view in the admin controller I need to make checks that the user is logged and has the proper authorization, so each time I run the same verification and authorization methods on each view separately.

How could I make the same checks for all the requests to a certain controller? (I mean, right all the checks only once and in one place)

(I also would like to have an exception, so I could allow user to use the login page inside the admin controller and outside of it)

Thanks!

Roman
  • 4,443
  • 14
  • 56
  • 81

3 Answers3

3

Use an attribute on the controller. Either the standard AuthorizeAttribute (see this) or write your own.

Tetaxa
  • 4,375
  • 1
  • 19
  • 25
2

What you're looking for is action filter attributes. They are basically an attribute you can place on a controller that allows you to intercept calls to every action method within a controller and are therefore perfect for security as you can deny/accept requests: http://msdn.microsoft.com/en-us/library/system.web.mvc.actionfilterattribute.aspx

Kevin Holditch
  • 5,165
  • 3
  • 19
  • 35
1

If you want to limit the entire controller instead of the individual actions you could place the [Authorize] attribute like so:

[Authorize]        
public class PageController : Controller
{ ... }
Ron
  • 1,721
  • 1
  • 19
  • 43