Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Authorize Attribute MVC 3 & Web.Config AppSettings Value

Tags:

authentication

asp.net-mvc-3

Does anyone know if there is a way of using a value in Web.Config AppSettings section on an Authorize attribute for a controller in MVC3?

I am currently using something like this in web.config:

<add key="AdminRole" value="Admins"/>

, and then I tried pulling the into class and using the value on the Authorize attribute but .NET complains about the values not being constants, etc.

I just want to be able to use a value set in web.config to filter Authorization so that different deployments can use variations of role names based on their system configurations.

Any help would be appreciated, Thanks!

like image 793
M4V3R1CK Avatar asked Dec 17 '22 09:12

M4V3R1CK

2 Answers

Here's a working example:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeByConfig : AuthorizeAttribute
{

    /// <summary>
    /// Web.config appSetting key to get comma-delimited roles from
    /// </summary>
    public string RolesAppSettingKey { get; set; }

    /// <summary>
    /// Web.config appSetting key to get comma-delimited users from
    /// </summary>
    public string UsersAppSettingKey { get; set; }


    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {

        if (!String.IsNullOrEmpty(RolesAppSettingKey))
        {
            string roles = ConfigurationManager.AppSettings[RolesAppSettingKey];
            if (!String.IsNullOrEmpty(roles))
            {
                this.Roles = roles;
            }                
        }

        if (!String.IsNullOrEmpty(UsersAppSettingKey))
        {
            string users = ConfigurationManager.AppSettings[UsersAppSettingKey];
            if (!String.IsNullOrEmpty(users))
            {
                this.Users = users;
            }                
        }

        return base.AuthorizeCore(httpContext);
    }


}

And decorate your controller class or method like so: 

[AuthorizeByConfig(RolesAppSettingKey = "Authorize.Roles", UsersAppSettingKey = "Authorize.Users")]

Where Authorize.Roles and Authorize.Users are web.config appSettings.

like image 90
ScottE Avatar answered Dec 31 '22 04:12

ScottE

You would have to write your own AuthorizationAttribute class which at runtime reads the value from web.config. In .NET it is not possible to declare an attribute using runtime-dependent values.

like image 42
marcind Avatar answered Dec 31 '22 04:12

marcind
Sign in to Comment

Related questions

Could not load file or assembly 'EntityFramework' or one of its dependencies
How do I pass value to MVC3 master page ( _layout)?
Get data from a foreach partial view in razorview
MVC3 best way to log request
Using a foreign key in dropdown in mvc
SignalR authentication within a Controller?
ASP.NET MVC 3 - Detect Whether Current Page Was Redirected To in a Post Redirect Get Workflow
How to force MVC views errors to fail project compilation?
How to save selected DropDownList value in ASP.NET MVC model for POST?
MVC3 Add & Display Message through ModelState
Ajax.BeginForm not working with Html.ValidationSummary
How implement security with the mvcSiteMapProvider?
C# MVC3 ViewBag, how to use lists property in view within foreach statement?
How to configure dependency injection with ASP.NET MVC 3 RTM
ASP.NET MVC Converting null to zero-length string
Prevent multiple POST in asp.net mvc application
HOw to find value of hidden field from formcollection in controller
MVC2 to MVC3 IOC problem
Unit Test Controller Session Variables in MVC3
Resolve metadata displayname from model metadata?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!