Using ClaimsPrincipalPermissionAttribute, how do I catch the SecurityException?

Posted by Ryan Roark on Stack Overflow See other posts from Stack Overflow or by Ryan Roark
Published on 2012-11-19T22:55:03Z Indexed on 2012/11/19 23:00 UTC
Read the original article Hit count: 453

Filed under:
|

In my MVC application I have a Controller Action that Deletes a customer, which I'm applying Claims Based Authorization to using WIF.

Problem: if someone doesn't have access they see an exception in the browser (complete with stacktrace), but I'd rather just redirect them.

This works and allows me to redirect:

public ActionResult Delete(int id)
{
    try
    {
        ClaimsPrincipalPermission.CheckAccess("Customer", "Delete");
        _supplier.Delete(id);
        return RedirectToAction("List");
    }
    catch (SecurityException ex)
    {
        return RedirectToAction("NotAuthorized", "Account");
    }
}

This works but throws a SecurityException I don't know how to catch (when the user is not authorized):

[ClaimsPrincipalPermission(SecurityAction.Demand, Operation = "Delete", Resource =     "Customer")]
public ActionResult Delete(int id)
{
    _supplier.Delete(id);
    return RedirectToAction("List");
}

I'd like to use the declarative approach, but not sure how to handle unauthorized requests. Any suggestions?

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Related posts about WIF