Custom Attributes on ActionResult

Question

This is probably a rookie question but;

Let's say I have an ActionResult that I only want to grant access to after hours.

Let's also say that I want to decorate my ActionResult with a custom attribute.

So the code might look something like;

[AllowAccess(after="17:00:00", before="08:00:00")]
public ActionResult AfterHoursPage()
{
    //Do something not so interesting here;

    return View();
}

How exactly would I get this to work?

I've done some research on creating Custom Attributes but I think I'm missing the bit on how to consume them.

Please assume I know pretty much nothing about creating and using them though.

Answer 1

Try this (untested):

public class AllowAccessAttribute : AuthorizeAttribute
{
    public DateTime before;
    public DateTime after;

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        DateTime current = DateTime.Now;

        if (current < before | current > after)
            return false;

        return true;
    }
}

More info here: http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/

Answer 2

What you are looking for in .net mvc are Action Filters.

You will need to extend the ActionFilterAttribute class and implement the OnActionExecuting method in your case.

See: http://www.asp.net/learn/mvc/tutorial-14-cs.aspx for a decent introduction to action filters.

Also for something slightly similar see: ASP.NET MVC - CustomeAuthorize filter action using an external website for loggin in the user