Skip to content

Commit

Permalink
Use dedicated controllers for mixed attributes (#18879)
Browse files Browse the repository at this point in the history 
* Use dedicated controllers for mixed attributes

* Update aspnetcore/security/authorization/simple.md

Co-authored-by: Pranav K <[email protected]>

Co-authored-by: Pranav K <[email protected]>
  • Loading branch information
@Rick-Anderson @pranavkm
Rick-Anderson and pranavkm authored Jun 26, 2020
1 parent 43ae480 commit d26d4aa
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion aspnetcore/security/authorization/simple.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ This would allow only authenticated users to the `AccountController`, except for

## Authorize attribute and Razor Pages

The <xref:Microsoft.AspNetCore.Authorization.AuthorizeAttribute> can ***not*** be applied to Razor Page handlers. For example, `[Authorize]` can't be applied to `OnGet`, `OnPost`, or any other page handler.
The <xref:Microsoft.AspNetCore.Authorization.AuthorizeAttribute> can ***not*** be applied to Razor Page handlers. For example, `[Authorize]` can't be applied to `OnGet`, `OnPost`, or any other page handler. Consider using an ASP.NET Core MVC controller for pages with different authorization requirements for different handlers.

The following two approaches can be used to apply authorization to Razor Page handler methods:

Expand Down

0 comments on commit d26d4aa

Please sign in to comment.