Authorize filters vs Action Filters
https://stackoverflow.com/questions/3115880
-
29-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
i m using .NET mvc2 for my application. I want some custom authorization on my actions. I have googled a bit and there seems to be two options available.
- Implement logic in onActionExecuting in custom Action Filter, see this post
- Subclass authorizeattribute or implement Iauthorization interface and put my logic there
My question here is that which technique is preferable with pros and cons of using each technique
edited: Moreover I can override onActionExecuting and onAuthorization in my base controller that gives me benefit of accessing controller variables directly.
Solution
While both options are OK, it is best to subclass AuthorizeAttribute for these reasons:
- Separation of concerns.
- MVC provides the AuthorizeAttribute for this purpose (don't fight the framework).
- The authorization filter is run first -- before other filters (per Pro ASP.NET MVC3 Framework, page 431). This ensures no unnecessary code will execute if an unauthorized user hits your controller/action.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
