Part 70 - Authorize and AllowAnonymous action filters in mvc
In ASP.NET MVC, by default, all controller action methods are accessible to both anonymous and authenticated users. If you want action methods to be available only to authenticated and authorised users, use the Authorize attribute. Let us understand the "Authorize" and "AllowAnonymous" action filters with an example.
1. Create a blank ASP.NET MVC 4 application. Name your application MVCDemo.
2. Right click on the "Controllers" folder and add HomeController. Copy and paste the following code.
    using System.Web.Mvc;

    public class HomeController : Controller
    {
        // No authorization filter yet: both actions are open to anonymous users.
        public ActionResult NonSecureMethod()
        {
            return View();
        }

        public ActionResult SecureMethod()
        {
            return View();
        }
    }
3. Right click on NonSecureMethod() and add a view with name = NonSecureMethod. Similarly add a view with name = SecureMethod.
4. Associate MVCDemo project with IIS.
a) Right click on the project name in "solution explorer" and select "Properties"
b) Click on "Web" tab
c) Select "Use Local IIS Web Server". In the "Project Url" textbox, type - http://localhost/MVCDemo
d) Click "Create Virtual Directory" button
5. Open IIS. Expand "Sites" and then "Default Web Site" and select "MVCDemo". Double click on "Authentication" icon. Enable "Anonymous Authentication" and "Windows Authentication", if they are not already enabled.
6. At this point, you will be able to access both "SecureMethod" and "NonSecureMethod" by visiting the following URLs.
http://localhost/MVCDemo/Home/SecureMethod
http://localhost/MVCDemo/Home/NonSecureMethod
7. If you want "SecureMethod" to be available only to authenticated users, decorate it with the "Authorize" attribute.
    [Authorize]
    public ActionResult SecureMethod()
    {
        return View();
    }
8. Now, if you navigate to "http://localhost/MVCDemo/Home/SecureMethod", you will be prompted for your Windows credentials. If you don't provide valid Windows credentials, or if you click Cancel, you will get an error - 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied. You should still be able to access "NonSecureMethod".
9. Now remove the [Authorize] attribute from SecureMethod(), and apply it on the HomeController.
    [Authorize]
    public class HomeController : Controller
    {
        public ActionResult NonSecureMethod()
        {
            return View();
        }

        public ActionResult SecureMethod()
        {
            return View();
        }
    }
At this point, the "Authorize" attribute applies to all action methods in the HomeController. So, only authenticated users will be able to access SecureMethod() and NonSecureMethod().
10. To allow anonymous access to NonSecureMethod(), apply the [AllowAnonymous] attribute. The AllowAnonymous attribute is used to skip the authorization enforced by the Authorize attribute.
    [AllowAnonymous]
    public ActionResult NonSecureMethod()
    {
        return View();
    }
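The following is an added example, not part of the original tutorial: a reflection audit that reports whether each action ends up anonymous or authenticated under the rules from steps 7 to 10. ActionAccessAudit is a hypothetical helper name; the code assumes a project that references System.Web.Mvc (MVC 4 or later) and has no globally registered authorization filters.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

[Authorize]
public class HomeController : Controller   // the tutorial's final controller
{
    [AllowAnonymous]
    public ActionResult NonSecureMethod() { return View(); }
    public ActionResult SecureMethod() { return View(); }
}

public static class ActionAccessAudit   // hypothetical helper, not an MVC API
{
    // Returns "Anonymous" or "Authenticated" for one action method.
    public static string Classify(MethodInfo action)
    {
        Type controller = action.ReflectedType;
        // [AllowAnonymous] on the action or its controller skips [Authorize].
        if (action.IsDefined(typeof(AllowAnonymousAttribute), true) ||
            controller.IsDefined(typeof(AllowAnonymousAttribute), true))
            return "Anonymous";
        // [Authorize] (or a subclass) on the action or controller requires a login.
        if (action.IsDefined(typeof(AuthorizeAttribute), true) ||
            controller.IsDefined(typeof(AuthorizeAttribute), true))
            return "Authenticated";
        return "Anonymous";   // MVC default: no filter means open to everyone
    }

    // One line per action of every concrete controller in the assembly.
    public static IEnumerable<string> Report(Assembly assembly)
    {
        return from type in assembly.GetTypes()
               where typeof(Controller).IsAssignableFrom(type) && !type.IsAbstract
               from method in type.GetMethods(BindingFlags.Public | BindingFlags.Instance)
               where !method.IsSpecialName   // skip property accessors and framework methods
                     && !method.DeclaringType.IsAssignableFrom(typeof(Controller))
                     && !method.IsDefined(typeof(NonActionAttribute), true)
               orderby type.Name, method.Name
               select type.Name + "." + method.Name + ": " + Classify(method);
    }

    public static void Main()
    {
        foreach (string line in Report(typeof(HomeController).Assembly))
            Console.WriteLine(line);
    }
}
```

Pointed at the web project's own assembly instead of the sample controller, the report shows at review time any action that is reachable without authentication.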