Home/ Questions/Q 6213077
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T06:37:53+00:00

I have a project that I’ve built without using the default template, instead I

  • 0

I have a project that I’ve built without using the default template, instead I did everything from beginning.

Now I need to implement checks for admin and I don’t think that

public ActionResult someAction()
{
   if (session exists)
   {
      // do it
   }
   else
   {
      //redirect back or show 403
   }
}

is a good idea on every delete/edit/create actions.

What I want to do instead is build action filter that will check if admin session exists and if there is no session it will redirect to 403 or something like that.

[AdminCheck]   
public ActionResult someAction()
{
   // do it
}

However I don’t know how to do that. I’ve did some research and put it up, but I have no idea how to implement functionality in it.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace stevePortfolio.Infrastructure
{
    public class AdminCheck : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);
            // No idea what to write here...
        }
    }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should use the AuthorizeAttribute for this. You can use it out of the box to check if the user is a member of a specific role like this:

    [Authorize(Roles = "IsAdmin")]   
public ActionResult DoStuff()
{
   //action body
}

    or you can Subclass it if you need more complexity and place in the required code.

    public class AuthorizeByRightAttribute : AuthorizeAttribute
    {
       protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
        {
            var authorized = base.AuthorizeCore(httpContext);
            if (authorized && controller != null)
            {
                //Return true or false based on some criteria
            }

        }

    You can then handle an unauthorized request any way you want. The example below does it by issuing a HTTP status code 403 and a jsonresult for my ajax methods to check, or for normal http requests, redirects to the “Not Authorized” page.

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (!controller.PortalSession.ValidSession)
            {
                base.HandleUnauthorizedRequest(filterContext);
            }
            else
            {
                if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest())
                {
                    //base.HandleUnauthorizedRequest(filterContext);
                    filterContext.RequestContext.HttpContext.Response.StatusCode = 403;
                    var result = new JsonResult();
                    result.Data = new {Success=false};
                    result.JsonRequestBehavior = JsonRequestBehavior.AllowGet;
                    filterContext.Result = result;
                    return;
                }

                filterContext.Result = new RedirectToRouteResult(
                    new RouteValueDictionary
                        {
                            {"controller", MVC.Login.Name},
                            {"action", MVC.Login.ActionNames.NotAuthorized},
                            {"group", RequiredRole}
                        });
            }


        }
    • 0