Home/ Questions/Q 8661567
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T16:31:37+00:00

I override AuthorizeCore function in mvc for authentication and authorization this working fine when

  • 0

I override AuthorizeCore function in mvc for authentication and authorization this working fine when I call a view form controller. but now i have a view that contain some links for reports i want to show report to users that has access rights. I can hide links of reports but unable to restrict direct url.

fine with this url request [http://MyDomain:1426/Company/Index] but
not goes to authorizecore method when url is : [http://MyDomain:1426/Reports/GrpView?OfferID=1] (because I have no controller for reports)
is there any way in MVC to filter view urls ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s not very clear what the Reports/GrpView handler that is providing your reporting functionality is. It doesn’t seem to be an ASP.NET MVC controller action as you would have decorated it with the [Authorize] attribute and specified the roles.

    If this is some legacy WebForms page or a handler you could use the <location> section in your web.config to control access:

    <location path="Reports/GrpView">
    <system.web>
        <authorization>
            <!-- deny access to all users -->
            <deny users="*"/> 

            <!-- allow access to users in the "admins" role -->
            <allow roles="admins"/> 
        </authorization>
    </system.web>
</location>

    The Authorize attribute (and any custom attributes deriving from it) are intended to be used only to secure access to ASP.NET MVC controller actions. If you are not using ASP.NET MVC for your reporting services you cannot use those mechanisms.

    • 0