开发者

MVC Authorize attribute deny

问答 作者:

I'm using the Authorize() attribute to secure my controllers/actions and want to only display the Login action to unauthenticated users - or to put it another way, deny access to authenticated users.

I haven't been able to find anything on the web dealing with either denying permission or allowing negative permissions (ie !LoggedIn)

Can someone please point me in the right direction?

MVC2, .Net 4

EDIT: To clairfy, I want somethin开发者_开发百科g like this:

Public Class PublicController
    Inherits ControllerBase

    <Authorize()> 'Only logged-in users can logout
    Public Function Logout() as ActionResult
        Return View()
    End Function

    'Something here to indicate that only NON-authorized users should see this action
    Public Function Login() as ActionResult
        Return View()
    End Function

End Class

Could it be as simple as this:

public class DenyAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return !base.AuthorizeCore(httpContext);
    }
}

继续阅读:asp.net-mvcauthorization

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9