How to write AuthorizeAttribute if a role contains space

Question

I am using MVC3/4. But it is just a general question in authorization.

One of the role I have is named "Trip Leader" in the database, which contains a space.

I tried [Authorize(Roles="'Trip Leader', Administrator")] but it failed to work. Can anyone help?

Answer 1

Create your own attribute and derive from AuthorizeAttribute. Then override the AuthorizeCore method and implement your own logic with validation on a role that contains a space.

An example could be something like this:

    public class CustomAuthAttribute : AuthorizeAttribute
    {
       private readonly IUserRoleService _userRoleService;
       private string[] _allowedRoles;
    
       public CustomAuthAttribute(params string[] roles)
       {
          _userRoleService = new UserRoleService();
          _allowedRoles = roles;
       }
       protected override bool AuthorizeCore(HttpContextBase httpContext)
       {
        //something like this.
        var userName = httpContext.User.Identity.Name;
        var userRoles = _userRoleService .GetUserRoles(userName); // return list of strings
        return _allowedRoles.Any(x => userRoles.Contains(x));
       }
   }

Usage

[CustomAuth("role withspace","admin")]
public ActionResult Index()
{
}