Sponsored by Gluten Free Waffles and Sliced Bananas

Tuesday, April 6, 2010

ASP.NET MVC: Authorizing Users with the [Authorize] Filter

4:11 PM Posted by Tyson Nero No comments
MVC makes it easy to declaratively authorize users at the method and class level, and you don't even have to write any code. Implementing the logic is as simple as adding a [Authorize] attribute to your action methods or model classes.

User must be logged in:

[Authorize]
public ActionResult Create()
{
    ...
}

[AcceptVerbs(HttpVerbs.Post)]
[Authorize]
public ActionResult Create()
{
    ...
}

Use action filters to specify users and roles:

[Authorize(Users="me,you,them")]
public ActionResult Create()
{
    ...
}

[Authorize(Roles="admin")]
public ActionResult Create()
{
    ...
}

0 comments:

Post a Comment