Menu
Right now I decorate a method like this to allow "members" to access my controller action
[Authorize(Roles="members")] How do I allow more than one role? For example the following does not work but it shows what I am trying to do (allow "members" and "admin" access):
[Authorize(Roles="members", "admin")] 
558
Role-based authorization checks specify which roles which the current user must be a member of to access the requested resource. The controller SalaryController is only accessible by users who are members of the HRManager role or the Finance role.
Authorization in ASP.NET Core is controlled with AuthorizeAttribute and its various parameters. In its most basic form, applying the [Authorize] attribute to a controller, action, or Razor Page, limits access to that component to authenticated users.
Another option is to use a single authorize filter as you posted but remove the inner quotations.
[Authorize(Roles="members,admin")] If you want use custom roles, you can do this:
CustomRoles class:
public static class CustomRoles { public const string Administrator = "Administrador"; public const string User = "Usuario"; } Usage
[Authorize(Roles = CustomRoles.Administrator +","+ CustomRoles.User)] If you have few roles, maybe you can combine them (for clarity) like this:
public static class CustomRoles { public const string Administrator = "Administrador"; public const string User = "Usuario"; public const string AdministratorOrUser = Administrator + "," + User; } Usage
[Authorize(Roles = CustomRoles.AdministratorOrUser)] If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
