How to use Custom AuthorizeAttribute for controller utilizing parameter value?

Posted by RSolberg on Stack Overflow See other posts from Stack Overflow or by RSolberg
Published on 2010-05-12T20:42:19Z Indexed on 2010/05/12 20:44 UTC
Read the original article Hit count: 448

I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code.

    public ActionResult Entity(string entityCode)
    {
        if (CurrentUser.VerifyEntityPermission(entityCode))
        {
            //populate viewModel...
            return View(viewModel);
        }
        return RedirectToAction("NoAccessToEntity", "Error");
    }

I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible?

    [EntityAuthRequired]
    public ActionResult Entity(string entityCode)
    {
            //populate viewModel...
            return View(viewModel);
    }

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Related posts about security