
Authorisation exceptions

Developer https://www.devze.com 2023-03-14 03:14 Source: Internet
I've tagged my controller with an authority annotation but would like to exempt one of the methods... Can that be done? How?

[Authorize(Roles="Admin")]
public class ProductController : Controller
{
    [DEAUTHORIZE] // placeholder for the exemption being asked about; not a real attribute
    public ActionResult Start(int it)
    { ... }
}


MVC 4 introduced AllowAnonymousAttribute, which tells the action invoker to skip AuthorizeAttribute.

[AllowAnonymous]


No, this can't be done. The standard way to achieve this is to simply move the Start action out into a separate controller. Another possibility consists in building a custom IFilterProvider which will apply the authorization attribute conditionally instead of baking it manually into the ProductController. For example, Ninject uses this and provides a pretty fluent syntax for configuring action filters. You can conditionally apply them based on the current context.
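
Added example (not part of the original question or answers), assuming ASP.NET MVC 4 or later: the [AllowAnonymous] exemption applied to the question's controller, plus a hypothetical reflection helper, AnonymousActionAudit, that lists every action reachable without authorization so exemptions stay reviewable. The Edit action and the helper's names are assumptions; the helper only sees attributes, not filters registered globally or through a custom IFilterProvider.

```csharp
// Added example, not from the original thread. Assumes System.Web.Mvc from MVC 4+.
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

[Authorize(Roles = "Admin")]
public class ProductController : Controller
{
    // Exempt from the controller-level [Authorize]: neither a login nor a role is required.
    [AllowAnonymous]
    public ActionResult Start(int it) { return Content("start " + it); }

    // Hypothetical second action: still requires an authenticated user in the Admin role.
    public ActionResult Edit(int id) { return Content("edit " + id); }
}

public static class AnonymousActionAudit
{
    // Yields "Controller.Action" for each public action that can be reached without
    // authorization: marked [AllowAnonymous] (on the action or its controller), or
    // covered by no [Authorize] attribute at all. Attribute-based only (see lead-in).
    public static IEnumerable<string> Find(Assembly assembly)
    {
        var controllers = assembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t));
        foreach (var controller in controllers)
        {
            bool ctrlAnon = controller.IsDefined(typeof(AllowAnonymousAttribute), true);
            bool ctrlAuth = controller.IsDefined(typeof(AuthorizeAttribute), true);
            var actions = controller
                .GetMethods(BindingFlags.Public | BindingFlags.Instance)
                // Skip methods inherited from Controller/object (Dispose, ToString, ...).
                .Where(m => typeof(Controller).IsAssignableFrom(m.DeclaringType)
                            && m.DeclaringType != typeof(Controller))
                .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), true));
            foreach (var action in actions)
            {
                bool anon = ctrlAnon || action.IsDefined(typeof(AllowAnonymousAttribute), true);
                bool auth = ctrlAuth || action.IsDefined(typeof(AuthorizeAttribute), true);
                if (anon || !auth)
                    yield return controller.Name + "." + action.Name;
            }
        }
    }
}
```

Calling AnonymousActionAudit.Find(typeof(ProductController).Assembly) from a unit test and comparing the result with a reviewed allow-list makes any new exemption show up as a test failure.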
