同时将 AuthorizeAttribute 应用于控制器类和操作
是否有一种方法可以在具有 Authorize 属性的控制器类的一个操作中忽略 [Authorize] 属性?
[Authorize]
public class MyController : Controller
{
[Authorize(Users="?")]//I tried to do that and with "*", but unsuccessfuly,
public ActionResult PublicMethod()
{
//some code
}
public ActionResult PrivateMethod()
{
//some code
}
}
只是 PrivateMethod() 应该需要身份验证,但它也是必需的。
PS:我不想制作自定义授权过滤器。
[]的
Is There one way to make a [Authorize] attibute be ignored in one action in a controller class that has a Authorize attribute?
[Authorize]
public class MyController : Controller
{
[Authorize(Users="?")]//I tried to do that and with "*", but unsuccessfuly,
public ActionResult PublicMethod()
{
//some code
}
public ActionResult PrivateMethod()
{
//some code
}
}
Just the PrivateMethod() should have authentication required, but it has been required too.
PS: I wouldn't like to make my custom authorize filter.
[]'s
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您可以使用[允许匿名]
You can use [AllowAnonymous]
默认情况下这是不可能的 - 如果您为控制器设置[授权],则只有经过身份验证的用户才能访问操作。
或者
您可以尝试自定义决策:stackoverflow。
By default it's impossible - if you set [Authorize] for controller then only authenticated user can access to action.
or
You can try custom decisions: stackoverflow.
本文中提供了解决方案: 保护您的 ASP.NET MVC 3 应用程序
本文讨论了一种白名单方法,您可以使用 AllowAnonymous 自定义属性来装饰操作。它要求您扩展
AuthorizeAttribute和OnAuthorization方法来跳过 AllowAnonymous 操作的授权检查。 (该方法归功于 MVC 团队的安全专家 Levi。)A solution is in this article: Securing your ASP.NET MVC 3 Application
The article talks about a white list approach where you decorate actions with a AllowAnonymous custom attribute. It requires that you extend
AuthorizeAttributeand theOnAuthorizationmethod to skip authorization checks of AllowAnonymous -actions. (The approach is credited to Levi, a security expert on the MVC team.)仅供将来参考 现在可以通过 ASP.NET MVC 4 中的
[AllowAnonymous]属性来完成此操作。更多信息
Just for future reference This is now available to be done by the the
[AllowAnonymous]attribute in ASP.NET MVC 4.More Info