Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Allow multiple roles to access controller action

Tags:

asp.net-mvc

roles

controller

Right now I decorate a method like this to allow "members" to access my controller action

[Authorize(Roles="members")]

How do I allow more than one role? For example the following does not work but it shows what I am trying to do (allow "members" and "admin" access):

[Authorize(Roles="members", "admin")]
like image 558
codette Avatar asked Mar 31 '09 05:03

codette

People also ask

How does role based authorization work?

Role-based authorization checks specify which roles which the current user must be a member of to access the requested resource. The controller SalaryController is only accessible by users who are members of the HRManager role or the Finance role.

What can be specified on an ASP NET core action to limit access to the action to only authenticated users?

Authorization in ASP.NET Core is controlled with AuthorizeAttribute and its various parameters. In its most basic form, applying the [Authorize] attribute to a controller, action, or Razor Page, limits access to that component to authenticated users.

2 Answers

Another option is to use a single authorize filter as you posted but remove the inner quotations.

[Authorize(Roles="members,admin")]
like image 169
Jim Schmehil Avatar answered Sep 26 '22 21:09

Jim Schmehil

If you want use custom roles, you can do this:

CustomRoles class: 

public static class CustomRoles {     public const string Administrator = "Administrador";     public const string User = "Usuario"; }

Usage

[Authorize(Roles = CustomRoles.Administrator +","+ CustomRoles.User)]

If you have few roles, maybe you can combine them (for clarity) like this:

public static class CustomRoles {      public const string Administrator = "Administrador";      public const string User = "Usuario";      public const string AdministratorOrUser = Administrator + "," + User;   }

Usage

[Authorize(Roles = CustomRoles.AdministratorOrUser)]
like image 36
Pablo Claus Avatar answered Sep 25 '22 21:09

Pablo Claus
Sign in to Comment

Related questions

NUnit vs. Visual Studio 2008's test projects for unit testing [closed]
Html5 data-* with asp.net mvc TextboxFor html attributes
ASP.NET MVC JsonResult Date Format
How to cache data in a MVC application
Serving favicon.ico in ASP.NET MVC
How to make custom error pages work in ASP.NET MVC 4
HTML.ActionLink method
Non-static method requires a target
Replace line break characters with <br /> in ASP.NET MVC Razor view
Using Ajax.BeginForm with ASP.NET MVC 3 Razor
Render partial from different folder (not shared)
Display a view from another controller in ASP.NET MVC
Why does AuthorizeAttribute redirect to the login page for authentication and authorization failures?
When should I use OWIN Katana?
How to get the current user in ASP.NET MVC
grid controls for ASP.NET MVC? [closed]
Date only from TextBoxFor()
How can I return camelCase JSON serialized by JSON.NET from ASP.NET MVC controller methods?
ASP.NET MVC - Find Absolute Path to the App_Data folder from Controller
How can I return the current action in an ASP.NET MVC view?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!