Reputation: 1068
ASP.Net MVC Security AuthorizeAttribute
I'm making a MVC4 with EF6 web application where Administrators are allowed access to certain pages. In this case the Administrators are allowed to access the Departments page.
I differentiated my administrators from normal users by using public bool IsAdministrator { get; set; } in my User.cs class.
Whenever I sign into a user account where isAdministrator = true and I try click on my Department's index.cshtml it redirects me to the log in page instead of the Department page. Am I using AuthorizeAttribute correctly?
DepartmentController.cs
[Authorize(Roles = "isAdministrator")]
public class DepartmentController : Controller
{
...
}
Users.cs
public class User
{
public int UserID { get; set; }
public bool IsAdministrator { get; set; }
}
Upvotes: 0
Views: 107
Answers (1)
Reputation: 5283
Have you setup the Role isAdministrator ?
A simple boolean property in a class is not going to do this for you.
Refer to the following articles for more information about how to use / create Roles.
creating-roles-in-asp-net-identity-mvc-5
Upvotes: 2
Related Questions
- How do you create a custom AuthorizeAttribute in ASP.NET Core?
- How do you handle multiple submit buttons in ASP.NET MVC Framework?
- How to get all Errors from ASP.Net MVC modelState?
- Compile Views in ASP.NET MVC
- How to render an ASP.NET MVC view as a string?
- How do you create a dropdownlist from an enum in ASP.NET MVC?
- ASP.NET MVC - Set custom IIdentity or IPrincipal
- File Upload ASP.NET MVC 3.0
- How to get ELMAH to work with ASP.NET MVC [HandleError] attribute?
- StackOverFlowException was unhandled in CustomAuthorize AuthorizeAttribute