Closed MrMitch closed 11 years ago
I thought about it, but then I read the manual :
Specifies that actions and controllers are skipped by AuthorizeAttribute during authorization.
So that wasn't a way to discard access to specific users.
Moreover, the DiscardAttribute simply negates the AuthorizeAttribute value, so you can imagine something like:
[Discard(Users="David,Mitch")]
That code (although not tested) should grant access to everybody except the specified ones, which is sometimes more interesting than specifying all authorized users =)
The
AllowAnonymous
attribute basically works the same as your DiscardAttribute filter, so why not use it instead ?