out' authentication in ASP.NET MVC
Possible Duplicate:
Override Authorize Attribute in ASP.NET MVC
In ASP.NET MVC, you add the [Authorize] attribute above action methods to specify that users must be authenticated (and in the specified role where appropriate) to use that method.
This is a bit like 'opt-in' authentication - I have to remember to decorate every method I want to protect, which is error-prone.
How might I specify that everything requires authentication apart from the controllers or actions that I whitelist?
Here's the basic idea. You should play with this to get the desired results - especially when some actions inside controller need authorization, some - not. As you know, each and every part of asp.net mvc framework can be customized. So is filter providing mechanism of it. First, create the IFilterProvider implementation for providing authorization filters
public class AuthorizeFilterProvider : IFilterProvider
{
public List<Type> AuthorizationExcludedControllerTypes = new List<Type>();
#region IFilterProvider Members
public IEnumerable<Filter> GetFilters(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
{
if (!AuthorizationExcludedControllerTypes.Contains(controllerContext.Controller.GetType()))
{
yield return new Filter(new AuthorizeAttribute(), FilterScope.Controller, null);
//return filter only if it is not included into AuthorizationExcludedControllerTypes list.
}
}
#endregion
}
And register filter provider into Global.asax
protected void Application_Start()
{
...
AuthorizeFilterProvider authorizeFilterProvider = new AuthorizeFilterProvider();
authorizeFilterProvider.AuthorizationExcludedControllerTypes.Add(typeof(HomeController));
FilterProviders.Providers.Add(authorizeFilterProvider );
...
}
默认情况下,你不能,但是看到这个答案是关于创建你自己的自定义授权属性的信息:在ASP.NET MVC中覆盖授权属性。
链接地址: http://www.djcxy.com/p/90170.html下一篇: 在ASP.NET MVC中进行身份验证