
Dynamic security for ASP.NET MVC

I'm designing an app in ASP.NET MVC, and the usual way to protect actions is by the attribute Authorize which protects an entire action.

[Authorize(Roles = "Managers")]
public ActionResult Info(int employeeId)

However, in our design the application is highly data driven. An action on one set of data might be allowed, and on another set of data not be allowed.

//OK
http://host/Employee/Info/102

//Not OK
http://host/Employee/Info/105

What pattern should we use for security for this design?

C. Ross asked Mar 16 '26 06:03


1 Answer

You can create a derived Authorize attribute to do whatever you want.

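using System.Web;
using System.Web.Mvc;

public class DynamicSecurity : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Go to the database here and decide whether the current user may
        // access the requested data; the constant below is a placeholder.
        return true;
    }
}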
John Farrell answered Mar 18 '26 05:03
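
A fuller sketch of the derived attribute from the answer above, added here as an example and not code from either poster: it runs the built-in role check first, then a per-record check that denies by default. `EmployeeAccessAttribute`, `IEmployeeAccessPolicy` and `CanView` are hypothetical names, and it assumes the record id arrives as the `id` route value and that the policy is registered with the MVC dependency resolver.

```csharp
using System;
using System.Globalization;
using System.Web;
using System.Web.Mvc;

// Hypothetical lookup contract; the implementation queries your own data store.
public interface IEmployeeAccessPolicy
{
    bool CanView(string userName, int employeeId);
}

public class EmployeeAccessAttribute : AuthorizeAttribute
{
    // MVC may reuse filter instances, so keep no per-request state in fields.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Authentication and any Roles/Users restrictions are checked first.
        if (!base.AuthorizeCore(httpContext)) return false;

        // Assumption: the record id arrives as the "id" route value.
        object raw;
        int employeeId;
        var route = httpContext.Request.RequestContext.RouteData;
        if (!route.Values.TryGetValue("id", out raw) ||
            !int.TryParse(Convert.ToString(raw, CultureInfo.InvariantCulture),
                          NumberStyles.None, CultureInfo.InvariantCulture, out employeeId))
        {
            return false; // missing or malformed id: deny by default
        }

        // An unregistered policy also denies rather than falling open.
        var policy = DependencyResolver.Current.GetService<IEmployeeAccessPolicy>();
        return policy != null && policy.CanView(httpContext.User.Identity.Name, employeeId);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A signed-in user who lacks access gets 403, not a redirect to login.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Applied as `[EmployeeAccess(Roles = "Managers")]` on the `Info` action, the role restriction and the per-record check both have to pass before the action runs.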