3

I am learning ASP.Net MVC 5 and I came up to a case where I need to restrict access to controller action under some situations. Suppose I have 5 actions in my controller and I want to restrict two of them in certain scenarios.How to achieve this I know we have inbuilt attributes like [Authorize]. Can I create user-defined restrictions to the controller actions.

Something like:

[SomeRule]
public ActionResult Index()
{
   return View();
}

And if I could create a function or class named "SomeRule" and then add some rules there.Can I add a function/method/class where I can add some logic and restrict the access and redirect to a genreal page if condition does not match. I am a beginner please guide me.

Improve this question
4
  • Check about Filters in asp.net mvc. Commented May 2, 2017 at 20:11
  • @Christos : Can you see my edit please Commented May 2, 2017 at 20:37
  • can't u just add routing option to ignore any request to this controller or redirect it to any other page Commented May 2, 2017 at 20:53
  • @Christos: My bad, it works as expected. Commented May 2, 2017 at 21:00

1 Answer 1

Reset to default
6

What you'd want to do is create a custom Action Filter, which would allow you to define custom logic within your action to determine if a given user could / could not access the decorated action:

public class SomeRuleAttribute : System.Web.Mvc.ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        base.OnActionExecuting(filterContext);

        // Define some condition to check here
        if (condition)
        {
            // Redirect the user accordingly
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Account" }, { "action", "LogOn" } });
        }
    }
}

You can also extend these even further and set properties on them as well if you need to apply some values to check against where the attribute is defined:

public class SomeRule: ActionFilterAttribute
{
    // Any public properties here can be set within the declaration of the filter
    public string YourProperty { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        base.OnActionExecuting(filterContext);

        // Define some condition to check here
        if (condition && YourProperty == "some value")
        {
            // Redirect the user accordingly
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Account" }, { "action", "LogOn" } });
        }
    }
}

This would look like the following when used:

[SomeRule(YourProperty = "some value")]
public ActionResult YourControllerAction()
{
     // Code omitted for brevity
}
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

If I go for first approach, how my action method should look like?
I am a beginner, pardon my ignorance.
Ok, I applied first approach and decorated one action method with [SomeRuleAttribute]. But this SomeRuleAttribute is getting hit even if that controller action is still to be called.
I decorated only once action with [SomeRuleAttribute]. but even if that action is not called still the class is getting hit. Please guide me

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.