Home/ Questions/Q 3623382
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T23:22:35+00:00

I am attempting to build a system that allows users to perform certain actions,

  • 0

I am attempting to build a system that allows users to perform certain actions, but their account must have a specific ‘Ticket’ per time they do it. For instance, suppose they wish to create a Product, they would need a CreateProductTicket.

I could simply do this with some ‘if’ statements, sure, but I want to try a bit more of a robust solution. My structure looks something like this…

interface ITicket<T> where T : ITicketable
{
}

My basic goal is to build an Attribute, perhaps like the following..

public class TicketRequiredAttribute : Attribute
{
 public TicketRequiredAttribute(ITicket<T> ticket)
 {
  if(ticket == null) 
    return;
  }
}

And to be able to decorate Controller or Repository Actions with this. So like …

ProductsControlller

[TicketRequired(CreateProductTicket)]
public ActionResult CreateProduct(Product product)
{
 // ... **I am unsure how to tell if TicketRequired was true or not**
}

Problem 1

I’m not familiar enough with attributes to know how to tell if TicketRequired was ‘met’ or not. Can anyone enlighten me on this?

Problem 2

The problem I am running into is with database querying. I want to be able to check the user (IMembershipRepository has a GetUser method), but I’m not entirely certain how to do that through an attribute.

Using Castle.Windsor, I have my Dependency Injection set up to inject repositories into controllers. I suppose I could pass the IMembershipRepository through the TicketRequired constructor, but I have a feeling that will become very messy – and extremely unstable. Is there a more logical way to approach this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You’re almost there. You can find more details at http://www.asp.net/mvc/tutorials/understanding-action-filters-cs

    I would only use the attribute on the action since the website is where I do all my authorization.

    Here is a possible solution. I have not tested this, but it should work. You’ll need to verify the way I’m redirecting, not sure if that’s the proper way.

     public class TicketRequiredActionFilter : ActionFilterAttribute
 {
        private Type _ticketType;

  public TicketRequiredAttribute(Type ticketType)
  {
        _ticketRequired = ticketType;     
  }

  public override void OnActionExecuting(ActionExecutingContext filterContext)
  {
     UserServices userServices = GetUserServicesViaDIContainer(); // you'll need to figure out how to implement this 
     string userId = filterContext.HttpContext.User.Identity.Name
     bool hasTicket = userServices.HasTicket(_ticketType, (int)userId); // again, you'll need to figure out the exact implementation
     if(!hasTicket)
     {
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Home" }, {"action", "NoPermission" } })
     }
     else
     { 
        base.OnActionExecuting(filterContext);
     }     
  }
}

    In your controller:

    [TicketRequiredActionFilter(typeof(CreateProductTicket))]
public ActionResult MyMethod()
{
    // do stuff as if the person is authorized and has the ticket
}

    If the user doesn’t have the ticket, a redirect is issues;, otherwise, continue as normal.

    • 0