How to use Custom AuthorizeAttribute for controller utilizing parameter value?
Posted
by RSolberg
on Stack Overflow
See other posts from Stack Overflow
or by RSolberg
Published on 2010-05-12T20:42:19Z
Indexed on
2010/05/12
20:44 UTC
Read the original article
Hit count: 442
I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code.
public ActionResult Entity(string entityCode)
{
if (CurrentUser.VerifyEntityPermission(entityCode))
{
//populate viewModel...
return View(viewModel);
}
return RedirectToAction("NoAccessToEntity", "Error");
}
I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible?
[EntityAuthRequired]
public ActionResult Entity(string entityCode)
{
//populate viewModel...
return View(viewModel);
}
© Stack Overflow or respective owner