2

I get the idea that the controller is checking (somewhere) for the actual user roles, but what do those square brackets mean?

It looks like some kind of directive, but i could not find neither who parses this directive nor where the Authorize function is defined.

DarkLighting
  • 309
  • 2
  • 10
  • Check this out: [Authorize attribute in ASP.NET MVC](http://stackoverflow.com/questions/10848086/authorize-attribute-in-asp-net-mvc) – emerson.marini Dec 18 '14 at 19:35
  • Editted back to "ASP.NET" in the title because someone that is searching for that in an ASP.NET page might not know it is from C#, as i also had trouble to find it. – DarkLighting Dec 18 '14 at 20:06
  • Thanks everybody. Those who provided answers and links in comments. – DarkLighting Dec 18 '14 at 20:09

2 Answers2

4

That is the syntax for an attribute in C#:

Attributes can be placed on most any declaration, though a specific attribute might restrict the types of declarations on which it is valid. In C#, you specify an attribute by placing the name of the attribute, enclosed in square brackets ([]), above the declaration of the entity to which it applies.

So what you have is an AuthorizeAttribute on your controller. This is a kind of action filter. The ASP.NET / MVC runtime is who "checks" and enforces action filters.

vcsjones
  • 138,677
  • 31
  • 291
  • 286
1

The Authorize attribute is actually AuthorizeAttribute. That may help your searches. The brackets are a directive that means that the stuff inside is an attribute. Attributes are processed differently based on what they're wrapping. In the case of AuthorizeAttribute it's hooking into the request and running it's own code before the action's code runs.

Chris Pratt
  • 232,153
  • 36
  • 385
  • 444