Set a group of actions to require the same authorization
https://stackoverflow.com/questions/11461740
-
20-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
Is there a way to set a group of actions inside of a controller to require the user to be in a certain role?
So for example if I have 5 Actions that I want to require the user to be in a "Recruiting" role can I group the code and then have all those action require the same Role based off of a single Annotation?
Inversely if that isn't possible is there a way to mark the class to require a certain role and them is there an annotation to set a few actions to ignore this requirement?
Lastly if this isn't an option can you use partial classes to accomplish this?
Any other methods I'm not thinking of that would work.
解决方案 2
After much looking it doesn't appear that there is a way to apply an [Authorize] attribute to a group of actions (that I've been able to find). It appears that you have to either apply it to the class or an individual action. While Skitterm's answer is a good option it didn't solve the issue I was hoping to resolve.
其他提示
Jared,
This is what I would do, but it doesn't get around the problem of having to do it for each one:
[Authorize]
public class HomeController : Controller
[Authorize(Roles = "Recruiter")]
public ActionResult MethodOne()
{
}
It looks like your answer lies here:
Overriding controller AuthorizeAttribute for just one action
The answer to that question appears to hit on yours as well--using the Order property to set the least restrictive authorization to the controller and the most restrictive to the method.
Set the controller to this one (the one of most methods), and for the ones you want exempt (the fewer), make your authorize statement more restrictive.
