Everytime that i need to do a Roles.IsUserInRole or user User.IsInRole i have a timeout:
This is the role class:
But doing a GetAllRoles works properly:
Why?
After more reading i realiaze that i was missing this:
[InitializeSimpleMembership]
public class HomeController : Controller
Adding [InitializeSimpleMembership] to the home controller resolves the issue.
Related
I have a WEB Api controller, that has the [Authorize] tag at the top of the controller - which means all API in this class will have this rule applied. Like this:
[Authorize]
[RoutePrefix("api/v1/route")]
public class ItemController : ApiController
{
/// Etc...
My issue is that for a specific call within this class, I do not want this Auth rule to apply. I am sure I have seen a way of doing this before, but for all my googling I cannot find it. I think it is something like this:
[HttpPost]
[Route("singleCall")]
[NOTAUTH]//whatever should go in here
public void Log()
{
Any ideas???
Take a look at [AllowAnonymous].
This page has some examples.
You Can use [AllowAnonymous] Attribute.
Please refer to this article in order to know how to use them in conjunction with [Authorize] attribute.
ASP.NET MVC AllowAnonymous Attribute and Authorize Attribute
I have MVC application with fixed set of roles: Admin, Management, Student
One of the new roles (Student) should have limited access to the application.
I have lot of methods and don't want to write [Authorize(... attribute for each of them.
Is there a way to define them once for all of the methods?
It's possible to define Authorize attribute also on a controller.
To define it only once I can use BaseController. When I have one common controller, that every other controller inherits from I can write this:
[Authorize(Roles = "Administrator, Management")]
public abstract class BaseController : Controller
{...
Then in some other controller:
public class ClassController : BaseController
{
...
[Authorize(Roles = ("Administrator, Management, Student"))]
public ActionResult Method()
{
...
This will ensure that role Student will have access only to the Method and not any other method defined in any of the controllers.
I am currently doing the following to restrict access to a controller using windows authentication.
[Authorize(Users = #"DOMAIN\first.last")]
public class HomeController : BaseController
{
}
This works fine currently but what I really want to do is:
[Authorize(Roles = #"...")]
But whatever role I entered it didn't work.
I want to set a break-point so I can see which role the currently logged in user has, but I can't do that currently.
Is it possible for me to inherit from Authorize and create my own filter attribute so I can put a break-point in it?
I want to see what role the current user has, so I have to set a breakpoint at the correct spot.
I have this so far:
public class RoleFilter : AuthorizeAttribute
{
}
You could create your own (not inherit from AuthorizeAttribute) and just paste in the code that makes up AuthorizeAttribute which you can get from GitHub
Or, you can simply point to the MVC symbol server
I want to remove controller name from URL for specific Controller.
My Controller name is Product
I found some link to do this
Routing with and without controller name
MVC Routing without controller
But all the above links done in route config file. and those are affecting other controller too. I want to do it using Attribute Routing.
Can it is possible? As I want to do this for only Product controller.
I have tried to do it on action like this
[Route("Sample/{Name}")]
but it is not working.
Gabriel's answer is right, however, it can be a bit misleading since you're asking for MVC and that answer is for Web API.
In any case, what you want is to put the annotation over the class definition instead of an action method. MVC example would be like:
[RoutePrefix("SomethingOtherThanProduct")]
public class ProductController : Controller
{
public ActionResult Index()
{
...
return View();
}
}
I'm also dropping this as an answer since you may find the following article helpful: [Attribute] Routing in ASP.NET MVC 5 / WebAPI 2
Make sure you set the RoutePrefix attribute on the whole controller class, as well as using the Route attribute on the action.
[RoutePrefix("notproducts")]
public class ProductsController : ApiController
{
[Route("")]
public IEnumerable<Product> Get() { ... }
}
I have a BaseController that all Controllers inherit from. The CaseController has the [Authorize] annotation, so that all controllers require authorization.
But I've just realized that one single controller action must not require authorization. How can I turn off [Authorize] for just that one controller action?
using System.Web.Mvc;
using Unleashed.Service.Interfaces;
namespace Controllers
{
[Authorize]
[RequireHttps]
public class BaseController : Controller
{
}
}
And the controller action is called via a POST from another site. They authorize by passing a token. They will not be authorized via forms authentication.
[Authorize=false] // doesnt compile
[Authorize(false)] // doesnt compile
public ActionResult DoSomething(string token, string data)
{
}
Solved by creating a new controller that does not inherit from BaseController, and adding the action to that controller. Now this one action does not require authorization, and all existing actions remain as is.