I can use the [AllowAnonymous] attribute to permit a user to access a controller action, but is there an attribute to permit only anonymous users to an action? e.g. [AllowAnonymousOnly]
André Pena
No. It doesn't exist.
However, you can create it by creating your own attribute inheriting from the AuthorizeAttribute.
Yours would look like:
public class AllowAnonymousOnlyAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
// make sure the user is not authenticated. If it's not, return true. Otherwise, return false
}
}
You could check the authentication of the user. If the user is logged in, then redirect him away from the controller. This can be achieved as follows using MVC's role provider:
if(User.Identity.IsAuthenticated)
{
return RedirectToRoute("home");
}
If the user is not logged in, this will then allow the user to view the contents of the page.
来源:https://stackoverflow.com/questions/29513828/how-to-force-only-anonymous-access-to-controller-action