Customizing authorization in ASP.NET MVC

by

You can build your own authorize attribute like this:

public class ClubAuthorizeAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
  base.OnAuthorization(filterContext);
  if (filterContext.Cancel && filterContext.Result is HttpUnauthorizedResult)
  {
    filterContext.Result = new RedirectToRouteResult(
      new RouteValueDictionary {
      { "clubShortName", filterContext.RouteData.Values[ "clubShortName" ] },
      { "controller", "Account" },
      { "action", "Login" },
      { "ReturnUrl", filterContext.HttpContext.Request.RawUrl }
    });
  }
}
}

I used this to redirect to a specific club in a club membership site I am building. You could adapt this to your need. BTW, in my case I do redirect to the login page, but I check to see if the user is authorized and if so, display a message that they don’t have the correct permissions. No doubt you could also add something to ViewData or TempData to display on the page, but I haven’t tried that

EDIT
AuthorizationContext.Cancel doesn’t exist anymore in RC. “filterContext.Result is HttpUnauthorizedResult” seems to be enough : What happened to filterContext.Cancel (ASP.NET MVC)

More Related Contents:

  1. Why does AuthorizeAttribute redirect to the login page for authentication and authorization failures?
  2. How to validate uploaded file in ASP.NET MVC?
  3. Restrict access to a specific controller by IP address in ASP.NET MVC Beta
  4. ASP.NET MVC Forms Authentication + Authorize Attribute + Simple Roles
  5. where is the best place to save images from users upload
  6. asp.net mvc decorate [Authorize()] with multiple enums
  7. How to remove ASP.Net MVC Default HTTP Headers?
  8. What ‘sensitive information’ could be disclosed when setting JsonRequestBehavior to AllowGet
  9. “Security aware” action link?
  10. MVC role-based routing
  11. Using Ajax.BeginForm with ASP.NET MVC 3 Razor
  12. Authentication versus Authorization
  13. Unity Inject dependencies into MVC filter class with parameters
  14. Asp.net MVC4: Authorize on both controller and action
  15. Combine ASP.Net MVC with WebForms
  16. How do I find the absolute url of an action in ASP.NET MVC?
  17. Caching in asp.net-mvc
  18. Purpose of ActionName
  19. ASP.NET MVC 3 Razor – Adding class to EditorFor
  20. self hosting asp.net mvc
  21. MVC versus WebForms [closed]
  22. How to set ViewBag properties for all Views without using a base class for Controllers?
  23. ASP.NET MVC A potentially dangerous Request.Form value was detected from the client when using a custom modelbinder
  24. Force lowercase property names from Json() in ASP.NET MVC
  25. Validation does not work when I use Validator.TryValidateObject
  26. OwinStartup not firing
  27. Is using ViewBag in MVC bad? [closed]
  28. Does Razor syntax provide a compelling advantage in UI markup?
  29. Unable to get windows authentication to work through local IIS
  30. How do I create a MVC Razor template for DisplayFor()

Leave a Comment