As part of a identity-enabled authorization system, I’d like to use IAuhtorizationFilter and Attributes

Question

0

Asked: May 31, 20262026-05-31T00:27:21+00:00 2026-05-31T00:27:21+00:00

As part of a identity-enabled authorization system, I’d like to use IAuhtorizationFilter and Attributes

0

As part of a identity-enabled authorization system, I’d like to use IAuhtorizationFilter and Attributes to restrict access to action methods in my controllers. I’ve got things working very well, partly due to help from the following resources:

However, when I try to decorate an action method with more than one of my attributes, I get an exception as follows (sorry for the formatting):

[InvalidOperationException: Sequence contains more than one element]

System.Linq.Enumerable.Single(IEnumerable`1 source) +2691369
   Ninject.Web.Mvc.FilterBindingSyntax.c__DisplayClass15`1.b__14(IContext ctx, ControllerContext controllerContext, ActionDescriptor actionDescriptor) in c:\Projects\Ninject\Maintenance2.2\ninject.web.mvc\mvc3\src\Ninject.Web.Mvc\FilterBindingSyntax\FilterFilterBindingBuilder.cs:379
   Ninject.Web.Mvc.FilterBindingSyntax.c__DisplayClass12.b__11(IContext ctx) in c:\Projects\Ninject\Maintenance2.2\ninject.web.mvc\mvc3\src\Ninject.Web.Mvc\FilterBindingSyntax\FilterFilterBindingBuilder.cs:358
   Ninject.Parameters.c__DisplayClass6.b__4(IContext ctx, ITarget target) in c:\Projects\Ninject\Maintenance2.2\ninject\src\Ninject\Parameters\Parameter.cs:60
   Ninject.Parameters.Parameter.GetValue(IContext context, ITarget target) in c:\Projects\Ninject\Maintenance2.2\ninject\src\Ninject\Parameters\Parameter.cs:88
   Ninject.Activation.Providers.StandardProvider.GetValue(IContext context, ITarget target) in c:\Projects\Ninject\Maintenance2.2\ninject\src\Ninject\Activation\Providers\StandardProvider.cs:97
   Ninject.Activation.Providers.c__DisplayClass2.b__1(ITarget target) in c:\Projects\Ninject\Maintenance2.2\ninject\src\Ninject\Activation\Providers\StandardProvider.cs:81
...

Here is a very simplified version of my code that demonstrates the problem in an MVC3 app:

Attribute:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
public class SampleAttribute : Attribute
{
    private Guid typeId;

    public bool IsAllowed { get; set; }

    public SampleAttribute(bool IsAllowed)
    {
        this.IsAllowed = IsAllowed;

        this.typeId = new Guid();
    }

    public override object TypeId
    {
        get
        {
            return (object)typeId;
        }
    }
}

Filter:

public class SampleFilter : IAuthorizationFilter, IMvcFilter
    {
        private bool isAllowed;

        public bool AllowMultiple
        {
            get { return true; }
        }

        public int Order
        {
            get { return 0; }
        }

        public SampleFilter(bool isAllowed)
        {
            this.isAllowed = isAllowed;
        }

        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (!isAllowed)
                throw new Exception("unauthorized");
        }
    }

Controller:

public class HomeController : Controller
    {
        [Sample(true)]
        [Sample(false)]
        public ActionResult Index()
        {
            ViewBag.Message = "Welcome to ASP.NET MVC!";

            return View();
        }
    }

The controller method above works as expected if one or the other of the Sample attributes on the Index() method is removed. Having both in place, generates the exception. I realize that in this simplified example, there isn’t a situation that would call for both attributes, but it’s simply for illustration.

What am I missing?