[RESOLVED]Custom Authorization MVC

I have the following scenario

Controller with following methods

GetDocument(id)
GetBenefit(id)

I want to be able to authorize access to this methods based on the id. (a user can open a document or benefit when he has been granted access by ad administrator)

As I read authorizationFilter info on MVC it only support authorization on method level. (define which role or user that can access a given operation on a MVC controller)

What is the best approach for MVC for doing stuff like this?

In my current aspx site i use a HttpModule that handle AutorizeEVent inn IIS pipeline that reads request parameters and have rules based on url which parameters to look for. 

(the decision to grant access or not is handled by a seperate component, i just need something to check and enforce authorization)

 

HomeCinemaGuy

What is the best approach for MVC for doing stuff like this?

It’s not MVC , it is business logic. What if you have an application console that does the same thing?

If you want to do with mVC, you have derive from ActionFilter , intercept on ActionExecuting, see the current user and the id parameter and grant ( or not ) access by redirecting to a nonrights action

Leave a Reply