Click or drag to resize
AllowOnlyEditorAttribute Class
Restricts access to controller only for the editors.
Inheritance Hierarchy
SystemObject
  SystemAttribute
    FilterAttribute
      AuthorizationFilterAttribute
        CMS.WebApiAllowOnlyEditorAttribute

Namespace: CMS.WebApi
Assembly: CMS.WebApi (in CMS.WebApi.dll) Version: 12.0.0
Syntax
C#
Copy
public sealed class AllowOnlyEditorAttribute : AuthorizationFilterAttribute

The AllowOnlyEditorAttribute type exposes the following members.

Constructors
  NameDescription
Public methodAllowOnlyEditorAttribute
Top
Methods
  NameDescription
Public methodOnAuthorization
Calls when a process requests authorization.
(Overrides AuthorizationFilterAttribute.OnAuthorization(HttpActionContext).)
Top
Remarks

This API supports the framework infrastructure and is not intended to be used directly from your code.

It is preferable to use this AllowOnlyEditorAttribute over the default Web API AuthorizeAttribute, since this filter logs exceptions to the event log and handles Windows authentication properly for the CMS administration. However, this attribute does not work with the AllowAnonymousAttribute, so it should not be used within the controller which is already decorated with the AllowOnlyEditorAttribute. This attribute is not intended to be used in customer code directly.

Examples
This example shows how to restrict access to the whole controller.
Copy
[AllowOnlyEditor]
public class MyController : ApiController
{
    // For accessing this method user has to be authorized.
    public HttpResponseMessage GetValue()
    {
        ...
    }
}
This example shows how to restrict access to the single action.
Copy
public class MyController : ApiController
{
    [AllowOnlyEditor]
    // For accessing this method user has to authorized.
    public HttpResponseMessage GetAuthorized()
    {
        ...
    }

    // While this action can be accessed even by public user.
    public HttpResponseMessage GetPublic()
    {
        ...
    }
}
See Also