Table of Contents

Class AuthorizeAttribute

Namespace
System.Web.Mvc
Assembly
System.Web.Mvc.dll

Specifies that access to a controller or action method is restricted to users who meet the authorization requirement.

[AttributeUsage(AttributeTargets.Class|AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeAttribute : FilterAttribute, IMvcFilter, IAuthorizationFilter
Inheritance
AuthorizeAttribute
Implements
Inherited Members

Constructors

AuthorizeAttribute()

Initializes a new instance of the AuthorizeAttribute class.

public AuthorizeAttribute()

Properties

Roles

Gets or sets the user roles that are authorized to access the controller or action method.

public string Roles { get; set; }

Property Value

string

The user roles that are authorized to access the controller or action method.

TypeId

Gets the unique identifier for this attribute.

public override object TypeId { get; }

Property Value

object

The unique identifier for this attribute.

Users

Gets or sets the users that are authorized to access the controller or action method.

public string Users { get; set; }

Property Value

string

The users that are authorized to access the controller or action method.

Methods

AuthorizeCore(HttpContextBase)

When overridden, provides an entry point for custom authorization checks.

protected virtual bool AuthorizeCore(HttpContextBase httpContext)

Parameters

httpContext HttpContextBase

The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.

Returns

bool

true if the user is authorized; otherwise, false.

Exceptions

ArgumentNullException

The httpContext parameter is null.

HandleUnauthorizedRequest(AuthorizationContext)

Processes HTTP requests that fail authorization.

protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext)

Parameters

filterContext AuthorizationContext

Encapsulates the information for using AuthorizeAttribute. The filterContext object contains the controller, HTTP context, request context, action result, and route data.

OnAuthorization(AuthorizationContext)

Called when a process requests authorization.

public virtual void OnAuthorization(AuthorizationContext filterContext)

Parameters

filterContext AuthorizationContext

The filter context, which encapsulates information for using AuthorizeAttribute.

Exceptions

ArgumentNullException

The filterContext parameter is null.

OnCacheAuthorization(HttpContextBase)

Called when the caching module requests authorization.

protected virtual HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)

Parameters

httpContext HttpContextBase

The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.

Returns

HttpValidationStatus

A reference to the validation status.

Exceptions

ArgumentNullException

The httpContext parameter is null.