Home/ Questions/Q 716063
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T05:15:26+00:00

How to enable Authentication on whole controller and disable only for certain action methods.

  • 0

How to enable Authentication on whole controller and disable only for certain action methods. I want authentication for all resources. If I write something like that:

[Authorize]
public class HomeController : BaseController
{
    //This is public
    [UnAuthorized]
    public ActionResult Index()
    {
        ViewData["Message"] = "Welcome to ASP.NET MVC!";
        return View();
    }
    //This is private resource
    public ActionResult PrivateResource()
    {
        return View();
    }
}

Then anyone can access this resource. I need this because we have all resources are private and very few are public on our project. Do you have any ideas how to make it better way?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Based on solution which is found here I wrote the code that fixes exactly what I wanted.

    Create custom authorization attribute base on AuthorizeAttribute and override method OnAuthorization:

        public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext != null)
        {
            object[] attributes = filterContext.ActionDescriptor.GetCustomAttributes(false);
            if (attributes != null)
            {
                foreach (var attribute in attributes)
                    if (attribute is UnAuthorizedAttribute)
                        return;
            }
        }
        base.OnAuthorization(filterContext);
    }

    I’m using a reflection here to recognize an action with UnAuthorized attribute. I don’t know about performance issues in this case, but it solves the problem completely.

    • 0