Search⌘ K
AI Features
Home
Courses
Modern C# and .NET Tutorial: Cross-Platform Basics

Filter to Secure an Action Method

Explore how to protect specific action methods in ASP.NET Core MVC using filters. Learn to apply the Authorize attribute at different levels to restrict access to authenticated users or specific roles. Understand how to enable role management, create roles programmatically, and assign users to roles to control access within your web application.

We'll cover the following...

Cross-functional filters

When we need to add functionality to multiple controllers and actions, we can use or define our filters implemented as an attribute class. Filters can be applied at the following levels:

  • At the action level, by decorating an action method with the attribute. This will only affect one action method.

  • At the controller level, by decorating the controller class with the attribute. This will affect all methods of the controller.

  • At the global level, by adding the attribute type to the Filters collection of the MvcOptions instance that can be used to configure MVC when calling the AddControllersWithViews method, as shown in the following code:

C#
builder.Services.AddControllersWithViews(options =>
 {
   options.Filters.Add(typeof(MyCustomFilter));
 });

Using a filter to secure an action method

We might want to ensure that members of certain security roles can only call one particular action method of a controller ...