ASP.NET MVC Authentication
it is possible to create something like this i ASP.NET MVC beta 1
I tried but
override bool OnPreAction(string actionName,
System.Reflection.MethodInfo methodInfo)
is no longer visible and
override void OnActionExecuting(ActionExecutingContext filterContext)
don't give me access to the action name
source to share
On the blog you link to, the author claims that
One way to tackle this problem is to use attribute based security as shown in this post. But then you have to decorate your actions with a safety attribute, which is not a good idea.
I think this is a great way to do it and it is supported by the framework. This will give you a nice declarative implementation. Check the Authorized Attribute in System.Web.Mvc. This will allow you to do something like this:
[Authorize(Roles="Admin, Editor")]
public ActionResult Delete(int id){
(...)
}
Since the Delete action changes the state of your system, I would also add the AcceptVerbs attribute, for example:
[AcceptVerbs(HttpVerbs.Post)]
[Authorize(Roles="Admin, Editor")]
public ActionResult Delete(int id){
(...)
}
This ensures that the action will not accept GET requests.
source to share