2

I am using SelfHost/Katana/Owin for my WebServer. I have a Controller in there that I want to enable/disable by code depending on a command line argument at launch time.

Is there a simple way of doing this in MVC?

Right now I'm thinking in the Controller's code to return HTTP-NotFound status code when this config is disabled, any better ideas?

Improve this question

4 Answers 4

Reset to default
3

You could decorate your controller with a custom Action Filter.

public class ConfigActionFilter : ActionFilterAttribute {   
  // This method is called before a controller action is executed.
  public override void OnActionExecuting(ActionExecutingContext filterContext) {
    if(someConfigSetting) {
      filterContext.Result = new RedirectToRouteResult("Error", someRouteValues);
    }
  }
  ...
}

Usage:

[ConfigActionFilter]
public class MyController : Controller {
  ...
}

More here.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You could perform a redirecttoaction that will take users to a different controller explaining what's happening.

ie:

public class MyController : Controller {
    private IConfigReader _configReader;

    public MyController(IConfigReader configReader){ //not sure if you're doing dependency injection or not, so I'm injecting it
         _configReader = configReader;
    }

    public ActionResult Index() {
        if(!_configReader.IsEnabled) {
            return RedirectToAction("Denied", "AuthController");
        }

        //etc

        return View();
    }
}
Improve this answer

Comments

1

You could create an attribute, apply it to the controller and set a static property on that attribute at startup time, and deny access (or return "Not found") when the flag is set.

Improve this answer

Comments

1

Alternatively, you can implement a custom AuthorizationAttribute and put it on your controller

public class AuthorizationAdminAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (/*check for argument*/)
            {
                return false;
            }

            return true;
        }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (AuthorizeCore(filterContext.HttpContext))
            {
                // ** IMPORTANT **
                // Since we're performing authorization at the action level, the authorization code runs
                // after the output caching module. In the worst case this could allow an authorized user
                // to cause the page to be cached, then an unauthorized user would later be served the
                // cached page. We work around this by telling proxies not to cache the sensitive page,
                // then we hook our custom authorization code into the caching mechanism so that we have
                // the final say on whether a page should be served from the cache.

                HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
                cachePolicy.SetProxyMaxAge(new TimeSpan(0));
                cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
            }
            else
            {                  
                filterContext.Result = new HttpNotFoundResult();
            }
        }

        private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
        {
            validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
        }
    }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.