0

Is there a way to override Authorize annotation in ASP.Net?

I'm using MVC and my controller is annotated with: 

[Authorize(Roles="Admin")]

The majority of actions in this controller are restricted to Admin users.

I would like to override one action method so that it becomes available to all users:

[HttpPost]
[Authorize(Users="*")]        
public Boolean Submit(FormCollection collection)

This is not working and users are being re-directed to login page. What am I doing wrong?

Thank you.

Improve this question
2
  • Phil wrote a blog post how to apply a filter for every action except one. Here's the link. Commented May 31, 2011 at 14:57
  • There is blog post by Rick Anderson that tries to solve the scenario you mentioned in an elegant way. Commented May 31, 2011 at 15:05

2 Answers 2

Reset to default
6

I think you should be able to achieve what you are trying to do by simply removing the attribute from controller and move it to methods only where needed.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

The class level attribute is being checked first, causing the behaviour you describe.

You would need to put the less restrictive role on the class attribute and then put the more restrictive role attribute on the relevant actions.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.