
Catching ASP.Net MVC Principal Permission attribute exceptions


I would like to secure my MVC controller actions using...

    [PrincipalPermission(SecurityAction.Demand, Role="Administrator")]

However, if the user is not in this role then a SecurityException "Request for principal permission failed." is thrown by the code.

There seems to be no way to handle this error; even [HandleError] won't catch it.

What I would like is a way to catch the security exceptions and then redirect the user to my Login page (or route).

Or, some way to write my own action filter that I can add to any method e.g.

    [MustBeAnAdministrator]

... which would check if the user is in the correct role, and redirect them. However, I can't seem to get a redirection to work in an action filter.

Thanks.


Solution

  • In our MVC-project we use the

    <Authorize(Roles:="Administrators")>
    

    function given by the MembershipProvider - which we fitted to our conditions. If the user is not logged in, he will be forwarded to the login screen.
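
One way to write the `[MustBeAnAdministrator]` filter the question asks for, as an added C# example (not code from the question or the answer). It assumes ASP.NET MVC with forms authentication configured; the `Account`/`AccessDenied` route is a hypothetical placeholder.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Routing;

// Attribute name taken from the question; it is not a framework type.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class MustBeAnAdministratorAttribute : AuthorizeAttribute
{
    public MustBeAnAdministratorAttribute()
    {
        // Role name as used in the question's PrincipalPermission demand.
        Roles = "Administrator";
    }

    // Called by the framework when the role check in AuthorizeAttribute fails.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        var user = filterContext.HttpContext.User;
        bool signedIn = user != null && user.Identity != null
                        && user.Identity.IsAuthenticated;

        if (!signedIn)
        {
            // Anonymous caller: the default 401 result lets forms
            // authentication redirect to the configured login URL.
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // Signed in but not an administrator: answer script callers
            // with 403 instead of an HTML redirect.
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }

        // Signed in but not an administrator: sending this user back to the
        // login page would not help, so route to an access-denied page.
        // Hypothetical route values; replace with the application's own.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Account" },
            { "action", "AccessDenied" }
        });
    }
}
```

Setting `filterContext.Result` is what short-circuits the action, so no exception is thrown and nothing needs to be caught.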