<p>The first thing you have to understand is that, much like Webforms, there is a pipeline in MVC. Each request goes through a number of methods, and there are extension points along the way that you can "hook into" and do things.</p>
<p>All the AuthorizeAttribute does is hook into the OnAuthorization extension point, and decide whether to give someone access or not based on criteria you have supplied to it (usernames, roles, etc.).</p>
<p>Here's an example: <a href="http://geekswithblogs.net/brians/archive/2010/07/08/implementing-a-custom-asp.net-mvc-authorization-filter.aspx" rel="noreferrer">http://geekswithblogs.net/brians/archive/2010/07/08/implementing-a-custom-asp.net-mvc-authorization-filter.aspx</a></p>
<p>You can create your own custom authorization attribute, and do exactly the same thing with your own criteria. You don't need to re-purpose the Roles parameter; you can create all your own if you want.</p>
<p>This is the method that MVC prefers. One other nice thing is that if you also make it a filter, then you can add it to the global filters and have it apply to everything if you want.</p>
<p>You basically have two other reasonable choices. Implement a handler in global.asax in Application_AuthenticateRequest (not recommended) or create a common BaseController that you override OnAuthorize (the Attribute hooks the same thing, but in a different place).</p>
<p>Lots of people try to do authentication using Session variables, and that's just the worst thing to do.</p>
<p>Since we don't know anything about your authentication and permission system, all we can do is provide general advice.</p>
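A sketch of the custom-attribute approach the answer describes, added here as an example and not taken from the answer or the linked article. The attribute name, the "permission" claim type and the "site.access" value are assumptions; it targets System.Web.Mvc on .NET 4.5 or later, with the user exposed as a ClaimsPrincipal.

```csharp
using System;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute: the "permission" claim type and permission names are assumptions.
public sealed class RequirePermissionAttribute : AuthorizeAttribute
{
    private readonly string _permission;

    public RequirePermissionAttribute(string permission)
    {
        if (string.IsNullOrWhiteSpace(permission))
            throw new ArgumentException("A permission name is required.", "permission");
        _permission = permission;
    }

    // Override AuthorizeCore rather than OnAuthorization: the base OnAuthorization
    // also keeps output caching from serving a cached page to an unauthorized user.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        var user = httpContext.User as ClaimsPrincipal;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false; // fail closed when there is no authenticated principal
        return user.HasClaim("permission", _permission);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user != null && user.Identity != null && user.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403); // signed in, but not permitted
        else
            base.HandleUnauthorizedRequest(filterContext); // 401, which starts the login flow
    }
}

public static class FilterConfig
{
    // Called from Application_Start with GlobalFilters.Filters.
    // With a global filter, the login action must carry [AllowAnonymous] (MVC 4+).
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new RequirePermissionAttribute("site.access"));
    }
}
```

Returning 403 for a signed-in user avoids the redirect back to the login page that the default 401 result triggers under forms authentication.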
 
