In our application we have an Umbraco page that allows a user to submit a form post, in Umbraco backoffice it's possible to set permissions to the user not allowing him to see the page that contains the form
So in this case:
[ChildActionOnly]
public ActionResult SomeActionMethod()
{
//logic
}
If I call this action method from an Umbraco page and the user doesn't have permissions to access the Umbraco page he will never be able to request the SomeActionMethod due to the attribute [ChildActionOnly], when using @Html.Action("SomeActionMethod", {Controller}) from the Umbraco page.
But then if I have a post method like this:
[HttpPost]
public ActionResult SomePostMethod()
{
//logic
}
Since this is a post method and doesn't have an Umbraco page that is going to call @Html.Action...
So my question is, is there a way to unauthorize someone from performing a post method if the user is not logged in and have a certain role, that can be configured in Umbraco backoffice?
Member permissions on post method
Hey there,
In our application we have an Umbraco page that allows a user to submit a form post, in Umbraco backoffice it's possible to set permissions to the user not allowing him to see the page that contains the form
So in this case:
[ChildActionOnly]
public ActionResult SomeActionMethod()
{
//logic
}
If I call this action method from an Umbraco page and the user doesn't have permissions to access the Umbraco page he will never be able to request the SomeActionMethod due to the attribute [ChildActionOnly], when using @Html.Action("SomeActionMethod", {Controller}) from the Umbraco page.
But then if I have a post method like this:
[HttpPost]
public ActionResult SomePostMethod()
{
//logic
}
Since this is a post method and doesn't have an Umbraco page that is going to call @Html.Action...
So my question is, is there a way to unauthorize someone from performing a post method if the user is not logged in and have a certain role, that can be configured in Umbraco backoffice?
is working on a reply...