I would like to secure my MVC controller actions using… [PrincipalPermission(SecurityAction.Demand, Role=Administrator)] However, if

Question

Asked: May 14, 20262026-05-14T08:31:45+00:00 2026-05-14T08:31:45+00:00

I would like to secure my MVC controller actions using…

[PrincipalPermission(SecurityAction.Demand, Role="Administrator")]

However, if the user is not in this role then a SecurityException “Request for principal permission failed.” is thrown by the code.

There seems to be no way to handle this error, even [Handle] error wont catch it.

What I would like is a way to catch the security exceptions and then redirect the user to my Login page (or route).

Or, some way to write my own action filter that I can add to any method e.g.

[MustBeAnAdministrator]

… which would check if the user is in the correct role, and redirect them. However, I cant seem to get a redirection to work in an action filter.

Thanks.

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-05-14T08:31:46+00:00

Editorial Team

In our MVC-project we use the

<Authorize(Roles:="Administrators")>

Function given by the MembershipProvider – which we fitted to our conditions. If the user is not logged in he will be forwarded to the login-screen.

The Archive Base Latest Questions