0

I am creating an MVC Intranet app with windows authentication. The data being accessed is year specific, so I need a way to set a global variable, be it a session, or whatever, that must be set before any queries are performed.

I've not been able to find a way to force a user to login since they are already authorized via their windows login credentials so using attributes to force a login seems problematic.

I am finding that users could navigate to any particular page and attempt to pull data and create a bit of havoc without the year defined.

What I would like to do is force a user to a year select page to select the year which they wish to access if the year variable is not yet set.

I've checked related questions and they do not appear to provide answer to my current conundrum.

Improve this question
4
  • I've not been able to find a way to force a user to login since they are already authorized via their windows login credentials so using attributes to force a login seems problematic - the [Authorize] attribute still applies. They will be prompted to logon if they are not authorized or don't belong to the required groups. Commented Jul 6, 2012 at 14:47
  • I have specific actions restricted to specific groups, but all users on the intranet can have view access. The [Authorize] attribute did not appear to stop a user from accessing any page and action. So, if they are able to have access if they are a user in our domain, then how is a login forced? I'm still fairly new to MVC, so I could have easily missed a lot. Commented Jul 6, 2012 at 14:59
  • You may have missed the Roles property. Commented Jul 6, 2012 at 15:03
  • I have roles assigned, but that seems to mask the particular action to an unauthorized user, not force them to login. I have create/edit/delete actions restricted, but all users can view. Commented Jul 6, 2012 at 15:09

1 Answer 1

Reset to default
1

You can write a custom ActionFilter, which you put on all your controllers (but not on the action where you have to select the year, of course). If year ain't be selected, you redirect to the controller/action where you can choose the year.

public class CheckYearAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if(<YEAR IS NOT SET>)//redirect
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary {{ "Controller", "YourController" },
                                      { "Action", "YourAction" } });
        }

        base.OnActionExecuting(filterContext);
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks for this. This looks good to see if the year was set, but what should I use to set the year? A ViewBag object? Session variable? Thanks!
@Erik yes, Session would be fine.
Much appreciated for your help.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.