I've 3 models [User, Role, and UserRole]
Use {ID [PK], Name, Email, Password, .....} Role {ID [PK], Name, Description, .......} UserRole {UserID [FK], RoleID [FK]}
Consider, the Role-based Authorization on controller using the [Authorize] attribute specifying that the user must be in the Administrator role to access any controller action in the class
[Authorize(Roles = "Administrator")]
public class PageController : Controller
{
// Controller code here
}
This is fine, What I need is,
Is there any way to assign my Role Collection to [Authorize] attribute? for example
I'll Fetch Assigned roles from Logged in User and store it in List. Is it possible to assign this List to [Authorize] attribute? something like as follows:
[Authorize(Roles = MyDynamicallyLoadedList)]
public class PageController : Controller
{
// Controller code here
}
Role-based authorization enables customer management of users and their roles independently from Payment Feature Services. Role-based authorization has a user registry that is not part of Payment Feature Services. This authorization is optional and does not replace the current model.
Choose MVC5 Controller with views, using Entity Framework and click "Add". After clicking on "Add", another window will appear. Choose Model Class and data context class and click "Add". The EmployeesController will be added under the Controllers folder with respective views.
Role-based access control (RBAC) refers to the idea of assigning permissions to users based on their role within an organization. It offers a simple, manageable approach to access management that is less prone to error than assigning permissions to users individually.
Well, two problems.
First, you can't use a List as an Attribute's parameter. You can use an array instead. http://msdn.microsoft.com/fr-fr/library/ms177221%28v=vs.100%29.aspx
Second, attributes parameter's values must be known at compile time : your list's content will only be known at runtime.
You'll get a message like :
An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type
Solution would be to create a new Authorization attribute (inheriting from AuthorizeAttribute
), and override AuthorizedCore
A example (that you could adapt to your problematic) can be found here
Yes.
GenericPrincipal
Thread.CurrentPrincipal
and HttpContext.Current.User
Example:
protected void Application_OnPostAuthenticateRequest(object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
{
string[] rolelist = GetRoleListForUserFromAPI(User.Identity.Name);
HttpContext.Current.User = new GenericPrincipal(User.Identity, rolelist);
Thread.CurrentPrincipal = HttpContext.Current.User;
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With