  • Authorize annotation in MVC


    Authorize annotation:
    The Authorize annotation in MVC restricts access to a controller to authorized users, and access can be further restricted by role. Because views are reached through action methods in controllers, this also limits the views to authorized users only.

    Authorize attribute:
    The authorize attribute "[Authorize]" grants access to authorized users only. If the attribute is applied to an action method, that method can be accessed only by authorized users. If it is applied to a controller, all action methods of that controller are restricted to authorized users. To let unauthorized users reach an action inside a controller marked with [Authorize] (e.g. a contact-us page), mark that action with AllowAnonymousAttribute, written [AllowAnonymous].

    Access can be further narrowed to predefined users. The Users and Roles properties specify which users and roles are granted access to a controller or action method, giving a high level of control and security over pages.

    If an unauthorized user tries to access an action or controller marked with the authorize attribute, the MVC framework returns a 401 status code. If the site is configured with forms authentication, the 401 status code results in a redirect to the login page.

    In the example below, the Manage action is accessible only if the user is authorized, while the other actions can be accessed by anyone.

        public class AccountController : Controller
        {
            public AccountController () { . . . }

            public ActionResult Register() { . . . }

            public ActionResult Login() { . . . }

            [Authorize]
            public ActionResult Manage() { . . . }
        }
    

    Below, all of the controller's action methods are for authorized users only.

        [Authorize]
        public class AccountController : Controller
        {
            public AccountController () { . . . }

            public ActionResult Register() { . . . }

            public ActionResult Login() { . . . }

            public ActionResult Manage() { . . . }
        }
    

    Below, all of the controller's action methods are for authorized users, except for the Login() action.

        [Authorize]
        public class AccountController : Controller
        {
            public AccountController () { . . . }

            public ActionResult Register() { . . . }

            [AllowAnonymousAttribute]
            public ActionResult Login() { . . . }

            public ActionResult Manage() { . . . }
        }
    

    Authorization can also be limited to specific users only.

        [Authorize(Users="Alice,Bob")]
        public ActionResult Manage()
        {
            . . .
        }

        // Or, on the whole controller:
        [Authorize(Users="Alice,Bob")]
        public class AbcController : Controller
        {
            . . .
        }
    

    Below, access to the action is granted according to user roles.

        [Authorize(Roles="admin")]
        public ActionResult Manage()
        {
            . . .
        }

        // Or, on the whole controller:
        [Authorize(Roles="admin")]
        public class AdminController : Controller
        {
            . . .
        }
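
    With forms authentication, the 401 described above sends a signed-in user who lacks the required role back to the login page as well. The following is an added example, not code from the original post or from MSDN: it returns 403 in that case and requires authorization on every action by default, with [AllowAnonymous] as the opt-out. The names RoleAuthorizeAttribute and Audit are hypothetical, and FilterConfig.RegisterGlobalFilters is assumed to be called from Application_Start as in the default MVC project template.

    ```csharp
    using System.Web.Mvc;

    // Hypothetical attribute (added example). Separates the two failure cases
    // that the stock [Authorize] both reports as 401.
    public class RoleAuthorizeAttribute : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            var user = filterContext.HttpContext.User;
            if (user != null && user.Identity.IsAuthenticated)
            {
                // Signed in but not in Users/Roles: answer 403 so forms
                // authentication does not redirect to the login page again.
                filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
            }
            else
            {
                // Not signed in: keep the default 401 (login redirect under forms auth).
                base.HandleUnauthorizedRequest(filterContext);
            }
        }
    }

    public static class FilterConfig
    {
        // Assumed to be called from Application_Start in Global.asax.
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            // Deny by default: every action needs a signed-in user unless it opts out.
            filters.Add(new RoleAuthorizeAttribute());
        }
    }

    public class AccountController : Controller
    {
        [AllowAnonymous]   // reachable without signing in
        public ActionResult Login() { return View(); }

        [AllowAnonymous]
        public ActionResult Register() { return View(); }

        // No attribute needed: covered by the global filter.
        public ActionResult Manage() { return View(); }

        // Hypothetical action: signed-in non-admins receive 403, not a login redirect.
        [RoleAuthorize(Roles = "admin")]
        public ActionResult Audit() { return View(); }
    }
    ```

    Registering the filter globally means a newly added action is protected even when its author forgets the attribute.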
    

    Properties:
    AllowMultiple: Gets or sets a value that indicates whether more than one instance of the filter attribute can be specified. (Inherited from FilterAttribute.)
    Order: Gets or sets the order in which the action filters are executed. (Inherited from FilterAttribute.)
    Roles: Gets or sets the user roles that are authorized to access the controller or action method.
    TypeId: Gets the unique identifier for this attribute. (Overrides Attribute.TypeId.)
    Users: Gets or sets the users that are authorized to access the controller or action method.

    References:
    https://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute%28v=vs.118%29.aspx
