Using ClaimsPrincipalPermissionAttribute, how do I catch the SecurityException?
Posted
by
Ryan Roark
on Stack Overflow
See other posts from Stack Overflow
or by Ryan Roark
Published on 2012-11-19T22:55:03Z
Indexed on
2012/11/19
23:00 UTC
Read the original article
Hit count: 453
asp.net-mvc
|WIF
In my MVC application I have a Controller Action that Deletes a customer, which I'm applying Claims Based Authorization to using WIF.
Problem: if someone doesn't have access they see an exception in the browser (complete with stacktrace), but I'd rather just redirect them.
This works and allows me to redirect:
public ActionResult Delete(int id)
{
try
{
ClaimsPrincipalPermission.CheckAccess("Customer", "Delete");
_supplier.Delete(id);
return RedirectToAction("List");
}
catch (SecurityException ex)
{
return RedirectToAction("NotAuthorized", "Account");
}
}
This works but throws a SecurityException I don't know how to catch (when the user is not authorized):
[ClaimsPrincipalPermission(SecurityAction.Demand, Operation = "Delete", Resource = "Customer")]
public ActionResult Delete(int id)
{
_supplier.Delete(id);
return RedirectToAction("List");
}
I'd like to use the declarative approach, but not sure how to handle unauthorized requests. Any suggestions?
© Stack Overflow or respective owner