Reputation: 898
I wondered if it is possible to disable/override all authorization attributes.
On the development machine, the Active Directory organization is completely different from the production environment's. When I develop/test on the development environment I have to "remove" all authorization attributes.
Different types of Active Directory groups (in the Authorize attribute) are used in controller action methods.
    [Authorize]
    ...
    [Authorize(Roles = @"domain\HR")]
    ...
    [Authorize(Roles = @"domain\IT")]
    ...
Thanks in advance.
Upvotes: 8
Views: 5445
Reputation: 37
You can simply add #if like below.
    #if !DEBUG
    [Authorize]
    #endif
    public class AccountController : BaseApiController
    {
        // ... action methods ...
    }
Upvotes: 2
Reputation: 10532
I'd do the following:

1. Write a custom authorization attribute which will work as default in Release and always allow the action in Debug, i.e.

    using System.Web;
    using System.Web.Mvc;

    public class MyAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
    #if DEBUG
            // Debug builds: every request is treated as authorized.
            return true;
    #else
            // Release builds: the normal user/role check.
            return base.AuthorizeCore(httpContext);
    #endif
        }
    }

2. Replace all existing Authorize attributes in code with your own, i.e.

    [MyAuthorize]
    ...
    [MyAuthorize(Roles = @"domain\HR")]
    ...
    [MyAuthorize(Roles = @"domain\IT")]
    ...

3. Always develop in Debug mode and publish in Release mode.

If you don't wish to be bound to the Debug/Release thing, you can specify your own conditional compilation symbol in the project configuration (for example, DEVTEST) and replace DEBUG with DEVTEST in the step 1 code.
Upvotes: 13
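A narrower variant of the attribute in the answer above, as an added example that is not code from the thread: the bypass is compiled only under the DEVTEST symbol and, at run time, applies only to local requests on a site with debugging enabled, so a mis-published build still enforces the role checks for remote users. The class name DevAuthorizeAttribute and the helper IsDeveloperRequest are assumptions made for illustration.

```csharp
using System.Web;
using System.Web.Mvc;

// Added example: DevAuthorizeAttribute and IsDeveloperRequest are
// hypothetical names, not part of ASP.NET MVC or of the thread's code.
public class DevAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
#if DEVTEST
        // Compiled only when DEVTEST is defined. Even then the bypass needs
        // both runtime conditions below; everything else falls through to
        // the normal Users/Roles check.
        if (IsDeveloperRequest(httpContext))
        {
            return true;
        }
#endif
        return base.AuthorizeCore(httpContext);
    }

#if DEVTEST
    private static bool IsDeveloperRequest(HttpContextBase httpContext)
    {
        return httpContext != null
            // true only when web.config has <compilation debug="true">
            && httpContext.IsDebuggingEnabled
            // true only for requests coming from the machine itself
            && httpContext.Request.IsLocal;
    }
#endif
}
```

Request.IsLocal is also true for traffic forwarded by a reverse proxy running on the same host, so DEVTEST should stay out of every build configuration that gets published.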
Reputation: 9271
Instead of overriding the AuthorizeAttribute, have you considered implementing your own?
You can create your attribute and handle the logic for the validation.
Something similar to this:
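    using System.Web.Mvc;
    using System.Web.Routing;
    using System.Web.Security;

    // ETMembershipUser and UserProfileRole are application-defined types (not part of ASP.NET).
    public class AuthorizeRolesAttribute : ActionFilterAttribute
    {
        public UserProfileRole[] Roles { get; set; }

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Membership.GetUser() returns null for an anonymous request.
            var user = Membership.GetUser() as ETMembershipUser;
            var profile = user != null ? user.Profile : null;
            if (profile != null && Roles != null)
            {
                foreach (UserProfileRole role in Roles)
                {
                    if (role == profile.Role)
                        return; // role matches: let the action run
                }
            }
            // No matching role: redirect to Home/Index instead of running the action.
            //throw new SecurityException("You can not access this page");
            RouteValueDictionary redirectTargetDictionary = new RouteValueDictionary();
            redirectTargetDictionary.Add("action", "Index");
            redirectTargetDictionary.Add("controller", "Home");
            filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary);
        }
    }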
Upvotes: 0