0

I have an ASP.NET MVC4 application in which I would like the AccountController to be easily enabled/disabled by a setting in the web.config. As I would like registrations and logins for a period, and then open up to be public. I am just a little unsure as to the best approach.

many thanks

user1863802
  • 51
  • 5

2 Answers2

1

There is an existing StackOverflow question concerning this topic in which a custom attribute value is applied to the controller, which reads a value from web.config and allows the controller to be used or 404s, which I am not sure is exactly what you are looking for, but it might lead you in the right direction.

Another possibility is URL-rewriting.

Here is that other SO question: Conditionally Disable ASP.NET MVC Controller

Community
  • 1
  • 1
Karl Anderson
  • 34,606
  • 12
  • 65
  • 80
0
<system.web>
  <!-- anonymous usage -->
  <authentication mode="None"></authentication>
  <!-- Forms login -->
  <!--<authentication mode="None">
    <forms ... />
  </authentication>-->
</system.web>

Is that what you're looking for? note this won't "disable" the AccountController, but will make it trivial since authentication would effectively be disabled. However, it's up to how to write the site in terms of showing a login/logout button or showing no credential handling on the page when permitted.

You could probably create an extension of the AuthorizeAttrbiute that checks Context.User.Identity.AuthenticationType and permits/denies access based on authentication mod supplied in web.config (then apply that attribute to the AccountController (and any other actions) you want to restrict when mode="None".

Brad Christie
  • 100,477
  • 16
  • 156
  • 200
  • Thanks for the quick response. I have the following code to disable the ability to login. But I would really like to disabled the register/login etc URLS which are still accessible. In the global.asax I have: if (Convert.ToBoolean(System.Configuration.ConfigurationManager.AppSettings["PswProtect"])) { filters.Add(new System.Web.Mvc.AuthorizeAttribute()); } – user1863802 Jun 14 '13 at 15:55
  • I am not sure this is the greatest idea, because this will affect any controller with the Authenticate attribute applied to it. – Karl Anderson Jun 14 '13 at 15:57
  • @user1863802: see my update to the answer. You can use the `AuthenticationType` coupled with an inherited `AuthorizeAttribute` and get pretty close to what you're looking for. – Brad Christie Jun 14 '13 at 15:58
  • Sorry I meant Authorize attribute, switching between WebForms and MVC too many times for a Friday. LOL – Karl Anderson Jun 14 '13 at 16:07