Override Authorize Attribute in ASP.NET MVC

by

Edit: Since ASP.NET MVC 4 the best approach is simply to use the built-in AllowAnonymous attribute.

The answer below refers to earlier versions of ASP.NET MVC

You could create a custom authorisation attribute inheriting from the standard AuthorizeAttribute with an optional bool parameter to specify whether authorisation is required or not.

public class OptionalAuthorizeAttribute : AuthorizeAttribute
{
    private readonly bool _authorize;

    public OptionalAuthorizeAttribute()
    {
        _authorize = true;
    }

    public OptionalAuthorizeAttribute(bool authorize)
    {
        _authorize = authorize;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if(!_authorize)
            return true;

                    return base.AuthorizeCore(httpContext);
    }
}

Then you can decorate your base controller with that attribute:

[OptionalAuthorize]
public class ControllerBase : Controller
{
}

and for any controllers you don’t want authorisation simply use the override with a ‘false’ – e.g.

[OptionalAuthorize(false)]
public class TestController : ControllerBase
{
    public ActionResult Index()
    {
        return View();
    }
}

More Related Contents:

  1. How to build RUNAS /NETONLY functionality into a (C#/.NET/WinForms) program?
  2. Html.Partial vs Html.RenderPartial & Html.Action vs Html.RenderAction
  3. How does SQLParameter prevent SQL Injection?
  4. .NET obfuscation tools/strategy [closed]
  5. Fake DbContext of Entity Framework 4.1 to Test
  6. Why is JsonRequestBehavior needed?
  7. “The resource cannot be found.” error when there is a “dot” at the end of the url
  8. MVC4 HTTP Error 403.14 – Forbidden
  9. Windows update caused MVC3 and MVC4 stop working
  10. Parser Error Message: Could not load type ‘TestMvcApplication.MvcApplication’
  11. How to change default view location scheme in ASP.NET MVC?
  12. Create virtual directory on same azure web app
  13. Cannot attach the file *.mdf as database
  14. How to create a CheckBoxListFor extension method in ASP.NET MVC?
  15. Where and how is the _ViewStart.cshtml layout file linked?
  16. Connection string using Windows Authentication
  17. .NET MVC Call method on different controller
  18. Can’t find ADO.net Entity Data Model template in VS2017
  19. Secure Password Hashing [closed]
  20. Where to run a duplicate check for an entity
  21. Encrypting appSettings in web.config
  22. When ServiceStack authentication fails, do not redirect?
  23. How to throw a SqlException when needed for mocking and unit testing?
  24. ASP.Net MVC Redirect To A Different View
  25. Is “Code Access Security” of any real world use?
  26. ASP.NET MVC on IIS6
  27. How to Convert Row to Column in Linq and SQL
  28. How to securely store a connection string in a WinForms application?
  29. Memory randomization as application security enhancement?
  30. Integrate existing ASP.NET MVC application with Orchard CMS

Leave a Comment