Reputation: 789
Is RoleProvider needed to use [Authorize(Roles = "Admin")]?
I would like to use the [Authorize(Roles = "Admin")] attribute on my ASP.net MVC controller actions. Do I need to have a role provider configured (either out of the box or custom) to do this? If I do, and I want to use a custom role provider, which method(s) must be implemented in order to use the AuthorizeAttribute?
Thanks so much.
Upvotes: 2
Views: 2074
Answers (2)
Reputation: 62300
Yes, you need Role Provider in order to use [Authorize(Roles = "Admin")]
Take a look at new ASP.NET Universal Providers which uses Entity Framework Code First.
(Note: Old ASP.Net Membership Provider generated by aspnet_regsql.exe uses schema and store procedures. I do not recommend using it.)
If you want to implement Custom Role Provider, minimum you need to override the following method (other methods are optional) -
public override string[] GetRolesForUser(string username)
Updated for Comment
if I have to use a MembershipProvider or can I get away with just using a RoleProvider to use [Authorize(Roles = "Admin")] on my controller actions
Normally, you want to use MembershipProvider if you want to use RoleProvider. Otherwise, you will need to create IPrincipal object and add the user's authorized roles to the object.
According to this post, you cannot customize [map] with Universal Providers.
The original question is about renaming the membership tables which you cannot do (unless you create Custom Membership Provider and Custom Role Provider). However, you can create relationships between your tables and membership tables. In addition, you can include membership tables in your store procedures.
Upvotes: 1
Reputation: 2757
Yes you need to have membership/role provider configured to use Authorize(Roles = "Admin"). When you create asp.net mvc project it automatically configured for u. If you use the tool aspnet_regsql.exe it will create membership database. Following link may help
http://www.asp.net/mvc/tutorials/mvc-music-store/mvc-music-store-part-7
To implement custom role provider is bit difficult and lot of coding involve. Please see the following link
http://bojanskr.blogspot.com.au/2011/12/custom-membership-provider.html http://bojanskr.blogspot.com.au/2011/12/custom-role-provider.html http://bojanskr.blogspot.com.au/2011/12/syntaxhighlighter.html http://msdn.microsoft.com/en-us/library/6tc47t75.aspx
Upvotes: 0
Related Questions
- Policy-based authorization vs authorize with role in .Net Core
- ASP.NET Membership - Which RoleProvider to use so User.IsInRole() checks ActiveDirectory Groups?
- ASP.NET Identity - Confusion about [Authorize] And RoleManager
- Will a custom RoleProvider work with [Authorize] on action method in ASP.NET MVC?
- Can I just implement RoleProvider without MembershipProvider?
- User.IsInRole vs Roles.IsUserInRole in AuthenticateRequest
- MembershipProvider and RoleProvider - do I need to implement all of the required methods?
- Is it necessary to override the membership and the role providers?
- ASP.NET Role Provider vs Membership Provider
- Difference between Roles.GetRolesForUser and Roles.Provider.GetRolesForUser?