MVC :: Securing Actions/controllers - Create A Custom Filter Or Use Built-in Filter?
Jan 1, 2010
In securing actions/controllers, do I have to create a custom filter or use MVC built-in filter?
To use the built-in attribute Authorize() on an action/controller or create a separate class that inherits the ActionFilterAttribute which has a method (OnActionExecuting) to override and do the authentication there?
In my organization we use nested groups. For a particular usage, we have a group (let's assume that the group name is "kuku"), and the names of all the nested groups under it contain "kuku" as well.
We may assume that no other group in the LDAP has "kuku" in the name.
I need to create a filter which will return all the users which belong to one of the "kuku" groups.
Obviously, using this filter will bring only the head kukus:
(&(&(objectclass=user)(objectclass=person))(memberOf=CN=kuku,cn=...rest of the group DN...))
How can I use a wildcard to fetch all users which belong to any kuku?
For example: (&(&(objectclass=user)(objectclass=person))(memberOf=CN=.*kuku.*))
I have decorated my base controller with a couple of action filters. They work fine.
One of those filters sets up the request - does things like set the culture based on the domain, etc.
I also have a handful of actions that require authorization using the Authorize attribute.
My problem is that when a user attempts to request a page they are not authorized to access, the authorization filter kicks in and redirects them to a page telling them that they cannot view the page.
The issue is that the action filters never run so the culture and other request data is never set. This effectively causes language to be wrong in the view and other data to be missing.
I know that authorization filters run first, but my question is this: How can I design this such that I can ensure that certain methods are always run before the view is returned, regardless of the authorization?
How do I write/implement a custom authorization filter? I am using my own custom authentication module and roles and not ASP.NET forms authentication, and have my user and role information in my sessions...
say Session["role"] = "Admin" or Session["role"] = "User"
How can I write a custom filter to prevent users from accessing certain functionality, i.e. controller actions?
I have a custom action filter that strips out the whitespace before the HTML is rendered in the browser, and it is working fine. However, I have been unable to unit test the custom action filter. Ideally I want to do an assert on the sample HTML that all whitespace has been removed. Code looks something like this.
making my own filter page for a gridview and have run into. When the user clicks on the add filter button, I create a row in an ASP table displaying the filter. The filtering works correctly and adds the row to the table. But at the last cell is a button that is created when the row is added to delete the filter. For some reason the delete button will not fire the event I've created for it. Any suggestions? Code that creates the table row and button:
private void BindDtToTable()
{
    // Get the DataTable from Session
    DataTable dt = (DataTable)Session["MyDt"];
    // Loop through the rows
    foreach (DataRow dr in dt.Rows)
    {
        // Create a table row
        TableRow tr = new TableRow();
        tr.ID = dr["id"].ToString();
        [code]...
I have to develop an authorize filter in ASP.NET MVC. I have five categories of users on my site, and my site uses a custom-created authentication system. Now I have a controller action which should be accessible to 3 out of those five types of users. How do I create a filter (basically authorize) and use it so that it fulfills my requirement? I think I need to create the authorize filter with a parameter. I should be able to use something like this in my controller action.
[Authorize(UsersType = "admin,accountant,operator")]
public ActionResult Test() { }
I have one controller that takes a username and pass and checks against a database. If the user is authenticated, I want to call an overloaded action on another controller.
My end goal is to authenticate a user against an old table from a MySQL db (I have this part working). Once the user is authenticated, I would like to be able to "automagically" forward the person to the built-in MVC registration page, but I would like to populate some fields in the view using data obtained from the first controller (the old database info).
When I try something like what I have below I get an error about the Register() methods being ambiguous. I've also tried using the [ActionName("Register2")] attribute, but then the error returned says it can't find a method named Register2.
I have an ASP.NET gridview, which I am binding at runtime with a custom List object. I want to add a filter row below the header row on each column, and on click of the filter button the grid data should get filtered based on the values written in the filter textboxes.
[URL] As in the image above, I have to create a filter in my SQL stored procedure. My difficulty is switching the "and" and "OR" parameters located in the web form. How can I do that? I was thinking of saving it in a temporary variable: @temp='and field=1', but my difficulty is concatenating it with the principal query and executing it.
I'm trying to implement a custom filter template for all text-based searches and running into problems constructing the query. I've been following the instructions posted on this blog but am not sure how to change the GetQueryable method to perform a WHERE columnAttribute LIKE '%something%' query. In the example on the blog the expression is an equality, which works if the text I enter exactly matches the text in the database column.
At the moment I'm using the new QueryExtender feature along with the SearchExpression control but this requires creating several custom pages for all the tables I need text search functionality for. I would like to DRY this up by creating the custom filter template.
When I log in to the application, I want buttons as a header menu (Admin, Quote.... 2 buttons should be visible).
If the login user is Admin/Quote, then on a click of that button it should show all its child nodes as buttons horizontally.
[Code]....
Even I have to write the code in the code-behind of Site.Master. I think I need the Repeater's OnItemCommand event, but it does not run that method, and how can I filter the sitemap by role in this method? I am not able to find the control in the code-behind. Is it possible to show these types of custom menus using SiteMap with role filtering?
One of our customers has a report with a single-value string parameter that has over 1000+ possible values. Selecting a single value from 1000+ choices results in bad UI, among other things. Create another parameter that acts as a filter for the other parameter. So you would have Param1 with say 25 choices, and selecting a choice would narrow down the options for the second parameter. Is this the best way? What is the best practice for handling these kinds of parameters?
Usually in a sub-folder we will limit the access rights to some roles, and this feature requires a predefined database schema.
However, if I still want to use this role feature of ASP.NET, but I do not like the predefined database schema, I want to extract role information from my own database table and bind it to the role.
My setup project installs a web site and executes some custom actions using a class library. That class library is copied to the bin folder of the web site, and after that IIS tries to load it even though it isn't needed by the web site anyhow. How to prevent the class library from loading? Maybe it is possible to copy it to another directory instead of bin? Or maybe the web.config can be configured in such a way as to prevent that class library from loading?
One of the navigation properties of the User object is Users_UserStatus1. This is a one to many (we store the status for each user account, when an account's status is changed, a new record is inserted into the status table as opposed to updating it). One of the search criteria I'm trying to filter on is the UserStatus. So, I pass in a comma-delimited string like so:
[Code]....
The problem, it seems, is that this is only bringing back one record, even though more of them should be matching. Also, I only want this to filter based on the last status for each user, not all of them. Can't quite seem to figure this one out.
What I want is to filter the dataview so I get top 10.
I googled it and found out that I first had to sort the dataview. Then add a column (int) to the datatable. This column I then made an AutoIncrement on......
This works fine - I can see in the codebehind that it adds a column to the datatable that I called AutoInc.
Then make a RowFilter on the dataview - here it goes "wrong" for me.....
When using the line
datVie.RowFilter = "AutoInc < 11";
and bind it to a gridview I don't get an error - but it also doesn't show me any rows in the gridview...... If I comment the line out - I get all the rows in the dataview..
I am having difficulty in using distinct with row filter; how to do this without using distinct? As I think distinct does not work with row filter.
Dim dsEName As DataSet = biz.GetEvent()
Dim dt As DataTable = dsEName.Tables(0)
Dim dv As New DataView(dsEName.Tables("dt"))
dv.RowFilter = "DISTINCT EventName "
Me.ddlEventName.DataSource = dv
Me.ddlEventName.DataTextField = "EventName"
Me.ddlEventName.DataValueField = "EventName"
Me.ddlEventName.DataBind()