ASP.NET MVC Roles Authorization

Mr Grok · Apr 23, 2009 · Viewed 37.1k times

I want to make the roles default for my controller class to "Administrators, Content Editors".

[Authorize(Roles = "Administrators, Content Editor")]

I've done this by adorning the controller with the attribute above. However, there is one action that I want to be available to all (namely "View"). How can I reset the Roles so that everyone (including completely unauthorized users) has access to this action?

Note: I know I could adorn every single other action with the authorize attribute above, but I don't want to have to do that all the time. I want all of the controller's actions to be inaccessible by default so that if anyone adds an action they have to make a considered decision to make it available to the general public.

Answer

Simon_Weaver · Feb 18, 2013

MVC4 has a new attribute exactly meant for this: [AllowAnonymous]

[AllowAnonymous]
public ActionResult Register()

http://blogs.msdn.com/b/rickandy/archive/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute.aspx
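
The controller-level default from the question combined with [AllowAnonymous] from the answer, plus a reflection check that lists every action reachable without login that is not on a reviewed list. This is an added example, not code from the original post; ContentController, Display, Edit, AnonymousAccessAudit and the allow-list are hypothetical names, and globally registered filters are not taken into account.

```csharp
// Added example (not from the original post); needs System.Web.Mvc from MVC 4 or later.
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Role string copied from the question: every action is restricted unless it opts out.
[Authorize(Roles = "Administrators, Content Editor")]
public class ContentController : Controller            // hypothetical controller
{
    [AllowAnonymous, ActionName("View")]               // the one deliberately public action
    public ActionResult Display(int id) { return Content("item " + id); }

    public ActionResult Edit(int id) { return Content("edit " + id); }   // roles required
}

public static class AnonymousAccessAudit
{
    // Reviewed list of intentionally public actions (constructed for this example).
    static readonly HashSet<string> Approved = new HashSet<string> { "ContentController.Display" };

    // Returns "Controller.Method" for each action that is marked [AllowAnonymous] or has
    // no [Authorize] on itself or its controller, and is missing from the reviewed list.
    public static List<string> FindUnapproved(Assembly assembly)
    {
        var found = new List<string>();
        var controllers = assembly.GetTypes().Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract);
        foreach (var c in controllers)
        {
            bool controllerAuth = c.IsDefined(typeof(AuthorizeAttribute), true);
            bool controllerAnon = c.IsDefined(typeof(AllowAnonymousAttribute), true);
            // Public instance methods not declared on Controller or its bases are actions.
            var actions = c.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), true) && !m.GetBaseDefinition().DeclaringType.IsAssignableFrom(typeof(Controller)));
            foreach (var m in actions)
            {
                bool anon = controllerAnon || m.IsDefined(typeof(AllowAnonymousAttribute), true);
                bool auth = controllerAuth || m.IsDefined(typeof(AuthorizeAttribute), true);
                string name = c.Name + "." + m.Name;
                if ((anon || !auth) && !Approved.Contains(name)) found.Add(name);
            }
        }
        return found;
    }
}
```

Calling AnonymousAccessAudit.FindUnapproved(typeof(ContentController).Assembly) from a unit test and requiring an empty result makes each newly public action fail the build until someone adds it to the reviewed list.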