Gabriel Battista
Reputation: 1
Role based security asp.net mvc Trying to pass a Method
I want to be clear, I had have trying almost that I can image.
My las shoot was something like.
[Authorize()]
[Secure(Roles = ActionRole.Admin.ToString())]
public class ActionController : Controller
{
public enum ActionRole
{
Admin,
Recruter,
Sales,
Developer
}
}
And my original Idea.
[Authorize()]
[Secure(Roles = MyRoleClass.GetAuthorizedRolesForThisAction("ActionController"))]
public class ActionController : Controller
{
//ActionController Related Code.
}
public Class MyRoleClass(){
Public strgin GetAuthorizedRolesForThisAction(string Controller){
//Accessing my DB and the searching is not the hard part here.
}
}
I get this error.
Error 1 An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type
I'm trying to do this, because is not my Idea that every time that I have to change the Controller Roles Permission.... If any one have an Idea, will be appreciated.
Upvotes: 0
Views: 84
Answers (2)
Gabriel Battista
Reputation: 1
[Authorize()]
[Secure(Roles = "Contact/Index")]
public ActionResult Index()
{
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
//Get the user permissions from the Session.
//Using it every time that I get the controller and the action
}
Hope this may help someone. Thanks.
Upvotes: 0
Simon C
Reputation: 9508
You could probably do something like this with a custom AuthorizeAttribute. This adds a step that sets the Authorize attributes Roles before continuing with the OnAuthorization step.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class SecureAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext) {
var controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
this.Roles = string.Join(",", MyRoleClass.GetAuthorizedRolesForThisAction(controller));
base.OnAuthorization(filterContext);
}
}
Then you should be able to just add the Secure attribute decoration:
[Secure]
public class ActionController : Controller
{
//ActionController Related Code.
}
Upvotes: 1
Related Questions
- Implementing role-based authorization using .NET MVC 5
- How to use autentication with roles on ASP.NET MVC
- How to add Role based Authorization
- Role based controller access
- Role based security asp.net mvc
- Dynamic role based authorization on method
- How to provide access of action methods for particular user in a controller in asp.net mvc
- asp.net MVC role based access to controller
- How do I allow access to a method in MVC?
- Unable to pass data form SecurityAttribute class to controller in MVC3