Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Override/Disable Authorization in ASP.NET MVC 3

I wondered if it is possible to disable/override all authorization attributes.

On the development machine, Active directory organization is completely different from production environment's. When I develop/test on development environment I have to "remove" all authorization attributes.

Different types of active directory groups (in Authorize attribute) are used in controller action methods.

[Authorize]
...

[Authorize(Roles="domain\HR")]
...

[Authorize(Roles="domain\IT")]
...

Thanks in advance..

like image 900
Turkdogan Tasdelen Avatar asked Mar 20 '12 08:03

Turkdogan Tasdelen


2 Answers

I'd do the following:

  1. Write custom authorization attribute which will work as default in Release and always allow action in Debug, i.e.

    public class MyAuthorizeAttribute: AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            #if DEBUG
            return true;
            #else
            return base.AuthorizeCore(httpContext);
            #endif
        }
    }
    
  2. Replace all existing Authorize attributes in code with your own, i.e.

    [MyAuthorize]
    ...
    
    [MyAuthorize(Roles="domain\HR")]
    ...
    
    [MyAuthorize(Roles="domain\IT")]
    ...
    
  3. Always develop in Debug mode and publish in Release mode

If you don't wish to be bound to Debug/Release thing you can specify your own conditional compilation symbol in project configuration - for example, DEVTEST and replace DEBUG with DEVTEST in step 1 code.

like image 86
Sergey Kudriavtsev Avatar answered Sep 30 '22 17:09

Sergey Kudriavtsev


You can simply add #if like below.

#if !DEBUG
[Authorize]
#endif
public class AccountController : BaseApiController
{
like image 20
Yashwant Shukla Avatar answered Sep 30 '22 18:09

Yashwant Shukla