Proposal to create a new attribute "AnonymousOnlyAttribute", which would be used primarily as a method filter, in the same way that HttpGet and HttpPost are used.<br /><br />The filter would allow a method to fire only if the user is anonymous. This functionality promotes the "Single Responsibility Principle", because I can break an action down in to two separate actions, one for authorized users and one for anonymous users.<br /><br />A typical use case for this would be where an action returns a different partial view according to whether or not the user is logged in.<br /><br />Another use case would be to decorate methods such as LogIn, Register, ForgotPassword, etc. i.e. methods that only make sense to anonymous users. Authorized users should not be able to access these methods, both from a common sense and a security point of view.<br /><br />See this post for a better explanation of my rationale.<br /><br />http://stackoverflow.com/questions/13714250/single-responsibility-principle-in-mvc-controllers-critique-required<br /><br />In addition, the AnonymousOnlyAttribute should also automatically apply the AllowAnonymousAttribute since that would be a pre-requisite. See this other issue: http://aspnetwebstack.codeplex.com/workitem/708<br />
↧