Using ClaimsPrincipalPermissionAttribute, how do I catch the SecurityException?

Posted by Ryan Roark on Stack Overflow See other posts from Stack Overflow or by Ryan Roark
Published on 2012-11-19T22:55:03Z Indexed on 2012/11/19 23:00 UTC
Read the original article Hit count: 449

Filed under:

asp.net-mvc

|

WIF

In my MVC application I have a Controller Action that Deletes a customer, which I'm applying Claims Based Authorization to using WIF.

Problem: if someone doesn't have access they see an exception in the browser (complete with stacktrace), but I'd rather just redirect them.

This works and allows me to redirect:

public ActionResult Delete(int id)
{
    try
    {
        ClaimsPrincipalPermission.CheckAccess("Customer", "Delete");
        _supplier.Delete(id);
        return RedirectToAction("List");
    }
    catch (SecurityException ex)
    {
        return RedirectToAction("NotAuthorized", "Account");
    }
}

This works but throws a SecurityException I don't know how to catch (when the user is not authorized):

[ClaimsPrincipalPermission(SecurityAction.Demand, Operation = "Delete", Resource =     "Customer")]
public ActionResult Delete(int id)
{
    _supplier.Delete(id);
    return RedirectToAction("List");
}

I'd like to use the declarative approach, but not sure how to handle unauthorized requests. Any suggestions?

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
ASP.NET MVC 3 Hosting :: New Features in ASP.NET MVC 3

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Razor View Engine The Razor view engine is a new view engine option for ASP.NET MVC that supports the Razor templating syntax. The Razor syntax is a streamlined approach to HTML templating designed with the goal of being a code driven minimalist templating approach that builds on existing C#, VB… >>> More
PathTooLongException after migrating from ASP.NET MVC 1 to ASP.NET MVC 2

as seen on Stack Overflow - Search for 'Stack Overflow'
I had updated my app from MVC 1 to MVC 2. After that some pages throws PathTooLongException: [PathTooLongException: The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.] … >>> More
Differece between Asp.net MVC 1 and Asp.net MVC 2

as seen on Stack Overflow - Search for 'Stack Overflow'
what is differece between Asp.net MVC 1 and Asp.net MVC 2? >>> More
Top 5 reasons for using ASP.NET MVC 2 rather than ASP.NET MVC 1

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been using ASP.NET MVC 1 for a while now, and am keen to take advantage of the improvements in MVC 2. Things like validation seem greatly improved, and strongly-typed HTML helper methods look great. So, for those of you who have real-world practical experience of using ASP.NET MVC 1 and are… >>> More

Related posts about WIF

Book Review: Programming Windows Identity Foundation

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Programming Windows Identity Foundation by Vittorio Bertocci is right now the only serious book about Windows Identity Foundation available. I started using Windows Identity Foundation when I made my first experiments on Windows Azure AppFabric Access Control Service. I wanted to generalize the… >>> More
WIF using SAML 2 protocol / Federate AD FS 2.0 with CAS

as seen on Stack Overflow - Search for 'Stack Overflow'
I'am are trying to implement a Web SSO with claim based identity using WIF and AD FS 2.0 right now. Right now I have a existing ASP.Net application which delegates authentification to the AD FS 2.0 server and trust issued security tokens. That works just fine. However, in the organization there is… >>> More
SSO using WIF on UNIX/Mono

as seen on Stack Overflow - Search for 'Stack Overflow'
We have implemented SSO in a .NET web application using Windows Identity Foundation (WIF). It works great. However, we have to run it on a UNIX system using Mono. Is that possible? >>> More
WIF

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Windows Identity Foundation (WIF) enables .NET developers to externalize identity logic from their application, improving developer productivity, enhancing application security, and enabling interoperability. It is a framework for implementing claims-based identity in your applications. With WIF one… >>> More
Integrating WIF with WCF Data Services

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
A time ago I discussed how a custom REST Starter kit interceptor could be used to parse a SAML token in the Http Authorization header and wrap that into a ClaimsPrincipal that the WCF services could use. The thing is that code was initially created for Geneva framework, so it got deprecated quickly… >>> More