
How to add 'pass parameter' to custom AuthorizeAttribute

I want to secure a controller action so that only users with the role "Admin" can get in.
I don't use a Role/Membership provider at all; everything is custom.
I made this so far:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);            
        if (!isAuthorized)
            return false;

        string username = httpContext.User.Identity.Name;

        UserRepository repo = new UserRepository();

        return repo.IsUserInRole(username, "Admin");
    }
}

Notice that I hardcoded "Admin" here.
I want this to be dynamic.
This works now:

[CustomAuthorize]
public ActionResult RestrictedArea()...

But I want something like this:

[CustomAuthorize(Roles = "Admin")]
public ActionResult RestrictedArea()
1110 asked Feb 23 '13 16:02



1 Answer

AuthorizeAttribute already has a Roles property which can be used for this purpose:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);            
        if (!isAuthorized)
        {
            return false;
        }

        string username = httpContext.User.Identity.Name;

        UserRepository repo = new UserRepository();

        return repo.IsUserInRole(username, this.Roles);
    }
}
Zbigniew answered Sep 30 '22 17:09

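An added example, not part of the answer above: a variant that treats Roles as the comma-separated list it is in AuthorizeAttribute and checks each entry against the custom store. It assumes the question's UserRepository.IsUserInRole(username, role) takes a single role name, and that the principal's IsInRole is not backed by that store, so authentication is checked directly instead of through base.AuthorizeCore.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        var user = httpContext.User;

        // Check authentication directly. When Roles is set, base.AuthorizeCore
        // also tests each role through IPrincipal.IsInRole, which fails if the
        // principal knows nothing about the custom role store (assumption here).
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // Roles is one comma-separated string, e.g. "Admin, Auditor".
        string[] required = (Roles ?? string.Empty)
            .Split(',')
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // No roles listed: any authenticated user passes, as with plain [Authorize].
        if (required.Length == 0)
            return true;

        // UserRepository is the question's own class; only IsUserInRole is used.
        var repo = new UserRepository();
        string username = user.Identity.Name;

        // Membership in any one listed role grants access; everything else is denied.
        return required.Any(role => repo.IsUserInRole(username, role));
    }
}
```

Because this version does not call base.AuthorizeCore, the Users property of the attribute is no longer enforced; add that check back if the application relies on it.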