6
[AuthenticateUser]
public class HomeController : Controller
{
    //
    // GET: /Home/
    public ActionResult Index()
    {
        return View();
    }

    [AllowAnonymous]
    public ActionResult List()
    {
        return View();
    }
}

How to remove authentication for action named as List? Please advise....

My Custom Filter coding as follow.. i have inherited the FilterAttribute call as well. Please advise regarding

public class AuthenticateUserAttribute: FilterAttribute, IAuthenticationFilter
{
    public void OnAuthentication(AuthenticationContext context)
    {
        if (this.IsAnonymousAction(context))
        {

        }

        if (user == "user")
        {
            // do nothing
        }
        else
        {
            context.Result = new HttpUnauthorizedResult(); // mark unauthorized
        }
    }

    public void OnAuthenticationChallenge(AuthenticationChallengeContext context)
    {
        if (context.Result == null || context.Result is HttpUnauthorizedResult)
        {
            context.Result = new RedirectToRouteResult("Default",
                new System.Web.Routing.RouteValueDictionary{
                    {"controller", "Home"},
                    {"action", "List"},
                    {"returnUrl", context.HttpContext.Request.RawUrl}
                });
        }
    }
}

The below code generate the error message : Error 1 The best overloaded method match for 'MVC5Features.Filters.AuthenticateUserAttribute.IsAnonymousAction(System.Web.Mvc.AuthorizationContext)' has some invalid arguments c:\users\kirupananthan.g\documents\visual studio 2013\Projects\MVC5Features\MVC5Features\Filters\AuthenticateUserAttribute.cs 16 17 MVC5Features Error 2 Argument 1: cannot convert from 'System.Web.Mvc.Filters.AuthenticationContext' to 'System.Web.Mvc.AuthorizationContext' c:\users\kirupananthan.g\documents\visual studio 2013\Projects\MVC5Features\MVC5Features\Filters\AuthenticateUserAttribute.cs 16 40 MVC5Features

if (this.IsAnonymousAction(context))
Kirupananthan.G.S
  • 265
  • 1
  • 3
  • 9
  • Is it your custom attribute. If not, maybe `[AllowyAnonymous]` will work. –  Oct 30 '14 at 12:01
  • Authentication filter introduced in MVC 5.. There is no built-in authentication filter.. This is my Custom Authentication Filter... – Kirupananthan.G.S Oct 30 '14 at 12:03
  • where is impl. of `IsAnonymousAction`? What's more in if body there should be `return`. –  Oct 30 '14 at 14:08
  • The secodnly - change imporved body of my func - there is `AuthorizationContext` but should be `AuthenticationContext` in parameter. –  Oct 30 '14 at 14:09

6 Answers6

11

Since it is your custom filter, you can extend it to handle AllowAnonymous (if you don't want to use AllowAnonymous, yoy can create own f.e. NoAuthentication):

public class AuthenticateUser : IAuthenticationFilter
{

    public void OnAuthentication(AuthenticationContext filterContext)
    { 
        if (this.IsAnonymousAction(filterContext))
        {
            return;
        }

        // some code
    }

    private bool IsAnonymousAction(AuthenticationContext filterContext)
    {
        return  filterContext.ActionDescriptor
                             .GetCustomAttributes(inherit: true)
                             .OfType<AllowAnonymousAttribute>() 
                                             //or any attr. you want
                             .Any();
    }
}
  • i have tried your example.. but it show the above error... i was included the error in by edit my question... Please advise – Kirupananthan.G.S Oct 30 '14 at 14:05
  • See my comment in question. –  Oct 30 '14 at 14:19
  • your answer it correct. I have copied your your function and paste that to my code. So, you have edited your answer "AuthorizationContext" to""AuthenticationContext" in that parameter. Please advise – Kirupananthan.G.S Oct 30 '14 at 15:07
  • Yeah - that was a mistake from my side. Iy should be `AuthenticationContext` in paramater of course. –  Oct 30 '14 at 15:22
1

Try the 

[AllowAnonymous]

attribute

severin
  • 5,203
  • 9
  • 35
  • 48
0

Maybe if you specify a specific User Group for that action and in your custom authentication filter allow this group for everything.

e4rthdog
  • 5,103
  • 4
  • 40
  • 89
0

In MVC 5 and I quote from http://www.dotnetcurry.com/showarticle.aspx?ID=975 The class CustomOverrideAuthorizationAttribute is inherited from the FilterAttribute class and implements IOverrideFilter. This interface is used to define the filters applied on the controller. The property FiltersToOverride returns the IAuthorizationFilter type. This means that Authorize filter applied on the parent (controller or Global application class) will be overridden

Bilal
  • 182
  • 13
0

I believe you should remove the attribute from the controller and put it on each action method except List.

The Rural Juror
  • 79
  • 8
0

So, reading the article that @Bilal posted (Oct 30 '14 at 12:24), it seems there's an elegant way to override filters by class (or interface). You'd have to write a custom attribute for each filter that you want to override, but that may not be a huge problem, if you consider that you probably don't want to override many filters, right?

So, in your question you want to override the AutherizationUser attribute, so you'd implement this class:

public class CustomOverrideAuthenticateUserAttribute : 
   FilterAttribute, IOverrideFilter
{
    public Type FiltersToOverride
    {
        get
        {
            return typeof(AuthenticateUserAttribute);
        }

    }
}

And rewrite your controller as:

[AuthenticateUser]
public class HomeController : Controller
{
    //
    // GET: /Home/
    public ActionResult Index()
    {
        return View();
    }

    [CustomOverrideAuthenticateUser]
    public ActionResult List()
    {
        return View();
    }
}
seebiscuit
  • 4,905
  • 5
  • 31
  • 47