Home/ Questions/Q 8913643
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T04:30:46+00:00

Using Fluent Security, I have configured website access using DenyAnonymousAccess, DenyAuthenticationAccess and RequireRole. SecurityConfigurator.Configure(configuration

  • 0

Using Fluent Security, I have configured website access using DenyAnonymousAccess, DenyAuthenticationAccess and RequireRole.

SecurityConfigurator.Configure(configuration =>
{
    configuration.ResolveServicesUsing(new FluentSecurityServiceLocator());
    configuration.GetAuthenticationStatusFrom(CurrentUser.IsAuthenticated);

    configuration.GetRolesFrom(CurrentUser.Roles);

    configuration.For<HomeController>().DenyAnonymousAccess();
    configuration.For<ReportsController>().RequireRole(UserRole.Administrator);
    configuration.For<AccountController>().DenyAuthenticatedAccess();

    configuration.For<AccountController>(x => x.ChangePassword()).DenyAnonymousAccess();
});

I’ve handled the PolictyViolationException for DenyAnonymousAccess and redirected to the logon page.

public ActionResult Handle(PolicyViolationException exception)
{
    return new RedirectToRouteResult(
       new RouteValueDictionary(new { action = "Login", controller = "Account" })
       );
}

But I’m not sure if catching an exception from RequireRole is the same process? I need to redirect if RequireRole is violated.

Also, when user isn’t logged on and clicks a link attached to a role, I get the unhandled version of denyanonymousaccess exception. What am I doing wrong in my configuration and implementation??

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You have to define the name of the violation handler class correctly. It depends on the violation which needs to be handled.
    If you are handling the violation for DenyAnonymousAccessPolicy, your violation handler class must have the name start with the policy name and it must implement IPolicyViolationHandler. This rule must be followed for all policy violations
    like this:

    public class DenyAnonymousAccessPolicyViolationHandler : IPolicyViolationHandler
{
    public ActionResult Handle(PolicyViolationException exception)
    {

        //Log the violation, send mail etc. etc.
        var rvd = new RouteValueDictionary(new
        {
            area = "",
            controller = "Account",
            action = "LogOn",
            statusDescription = exception.Message
        });
        return new RedirectToRouteResult(rvd);

    }
}

    For RequireRolePolicy, the handler should look like this:

    public class RequireRolePolicyViolationHandler : IPolicyViolationHandler
{
    public ActionResult Handle(PolicyViolationException exception)
    {

        //Log the violation, send mail etc. etc.
        var rvd = new RouteValueDictionary(new
        {
            area = "",
            controller = "Home",
            action = "Home",
            statusDescription = exception.Message
        });
        return new RedirectToRouteResult(rvd);

    }
}

    Check this link for further knowledge on fluent security policy violation handlers.

    https://github.com/kristofferahl/FluentSecurity/wiki/Policy-violation-handlers-2.0

    Hope it helps!!!

    • 0