Reference:Allow
Contents |
Overview
The Allow attribute marks a controller as allowing a particular permission or role to enter. This attribute negates a higher Deny attribute.
Usage
This attribute is specified for Class level usage, and should be used on controllers implementing [ISecurityController]. When marked, the default implementation of the runtime will override any previous [Deny] specifications, and assure that principals with the specified permission are granted access to all sub-urls of the given controller. See [SecurityController] for more information.
Role
The name of the role this attribute allows access for. This can be one of
- ? (Anonymous)
- * (Authenticated)
- Named value.
OnFailure
Specifies the action to take when the condition is not met. This parameter is ignored for the Allow attribute.
Target
This parameter is ignored for the Allow attribute.
Example
The following code demonstrates how to specify an Allow permission on a specific bind point
[Bind("/action/search")] [Allow("?")] public class SearchSecurity : SecurityController { }
