I'm writing this webapp and want to authorize controllers by mixed conditions. For example:
I want to allow access if the user is in the role "Administrator" or their username is "programad", like this:
[Authorize(Roles = "Administrator", Users = "programad")]
I want that because when I first register myself on the application (for testing, dev process etc.) I am not an Administrator yet. I want to get the first access by my username so that I can then put myself in the Administrator role.
I put that on the controller level but it doesn't seem to work: it asks me to log on again and it denies me access even when I enter my credentials.
How can I authorize by my username and/or by my role?
This is because the AuthorizeAttribute is saying a user must be in the "Administrator" role AND named "programad". The easiest workaround would be to create another role, place the user "programad" in it and then change your AuthorizeAttribute to
[Authorize(Roles = "Administrator, NewRole")]
where NewRole is whatever you name the new role to contain user "programad".
If you really need to change the AuthorizeAttribute to behave with the role OR user, you will need to create a new class that derives from AuthorizeAttribute and overrides the AuthorizeCore method, filling in your authorization logic.
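The derived attribute described in the answer above, as an added example that is not part of the original answer. It assumes ASP.NET MVC's System.Web.Mvc.AuthorizeAttribute; the class name AuthorizeRoleOrUserAttribute and the AdminController it is applied to are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute: grants access when the authenticated user is listed
// in Users OR is in at least one of Roles (the stock attribute requires both).
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class AuthorizeRoleOrUserAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Anonymous requests are always rejected, as in the base class.
        IPrincipal user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        string[] users = Split(Users);
        string[] roles = Split(Roles);

        // Nothing listed: behave like plain [Authorize] (any authenticated user).
        if (users.Length == 0 && roles.Length == 0) return true;

        // Usernames are compared case-insensitively, matching the base class.
        bool nameMatch = users.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase);
        bool roleMatch = roles.Any(user.IsInRole);
        return nameMatch || roleMatch;
    }

    // Turns "a, b ,c" into ["a", "b", "c"], dropping empty entries.
    private static string[] Split(string csv)
    {
        if (string.IsNullOrWhiteSpace(csv)) return new string[0];
        return csv.Split(',').Select(s => s.Trim()).Where(s => s.Length > 0).ToArray();
    }
}

// Usage with the values from the question (controller name is hypothetical).
[AuthorizeRoleOrUser(Roles = "Administrator", Users = "programad")]
public class AdminController : Controller
{
    public ActionResult Index() { return View(); }
}
```

A username-based grant like this is only as strong as the guarantee that nobody else can register that username, so the Users entry is best dropped once the account has been placed in the Administrator role.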