What is an action filter?
Sometimes you want to perform logic either before an action method is called or after an action method runs. To support this, ASP.NET MVC provides action filters. Action filters are custom attributes that provide a declarative means to add pre-action and post-action behaviour to controller action methods. (From MSDN) More
How to implement a custom action filter
- Inherit the abstract class ActionFilterAttribute and override the desired methods:
public class AdminAuthorize : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (CheckYourConditon)
{
// executing action
base.OnActionExecuting(filterContext);
}
else
{
// Redirect to the needed login page or whatever you want
// This can be pulled from config file or anything else
filterContext.HttpContext.Response.Redirect("/error?ReturnUrl="
+ HttpUtility.UrlEncode(filterContext.HttpContext.Request.RawUrl));
}
}}
- Add the custom attribute to your controller/action
Controller:
[AdminAuthorize]
public partial class SendEmailController : Controller
{
...
}
Action:
[AdminAuthorize]
public virtual ActionResult Reset()
{
...
}
Membership integration
If you using ASP membership you can use Authorize attribute easily. You can use that to restrict the access to an action or a controller like this:
[Authorize(Roles="Admins")]
Or
[Authorize(Users="Admin")]