Is it possible to implement object-level security with a custom ActionFilterAttribute ? I read

Question

0

Asked: May 19, 20262026-05-19T10:29:22+00:00 2026-05-19T10:29:22+00:00

Is it possible to implement object-level security with a custom ActionFilterAttribute ? I read

0

Is it possible to implement object-level security with a custom ActionFilterAttribute?

I read Branislav Abadjimarinov’s answer to Get permission from Authorize Attribute? and started thinking about making an AuthorizeAttribute-like action filter for implementing object-level security.

Suppose I were to call it ObjectAuthorizeAttribute with the intended usage:

[ObjectAuthorize]
public ActionResult Edit(int id)
{
    //...

What would be the easiest way to access the ID value within OnActionExecuting?

Is something like this already available?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-19T10:29:23+00:00

Editorial Team

2026-05-19T10:29:23+00:00Added an answer on May 19, 2026 at 10:29 am

You can extend the AuthorizeAttribute and have access to things like RouteData via the AuthorizationContext. If you are doing authorization I think it makes more sense to start from the AuthorizeAttribute rather than ActionFilterAttribute.

var id = filterContext.RouteData.Values["id"];

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is it possible to implement object-level security with a custom ActionFilterAttribute ? I read

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply