How to add 'pass parameter' to custom AuthorizeAttribute

I want to secure a controller action so that only users with the role "Admin" can get in.
I don't use a Role/Membership provider at all; everything is custom.
I have made this so far:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);            
        if (!isAuthorized)
            return false;

        string username = httpContext.User.Identity.Name;

        UserRepository repo = new UserRepository();

        return repo.IsUserInRole(username, "Admin");
    }
}

Notice that I hardcoded "Admin" here.
I want this to be dynamic.
This works now:

[CustomAuthorize]
public ActionResult RestrictedArea()...

But I want something like this:

[CustomAuthorize(Roles = "Admin")]
public ActionResult RestrictedArea()

AuthorizeAttribute already has a Roles property, which can be used for this purpose:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check requires an authenticated user and, when Users or
        // Roles are set, also tests them against httpContext.User.
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
        {
            return false;
        }

        string username = httpContext.User.Identity.Name;

        UserRepository repo = new UserRepository();

        // Roles holds the string given in [CustomAuthorize(Roles = "...")].
        return repo.IsUserInRole(username, this.Roles);
    }
}
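
A variant of the attribute above, as an added example that is not part of the original answer: it treats Roles as a comma-separated list, checks roles only against the custom store, and answers 403 for signed-in users who lack the role. UserRepository.IsUserInRole is the asker's own type and is assumed to test one role name per call; denying when Roles is empty is this example's choice.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Added example. UserRepository is the asker's type; IsUserInRole(username, role)
// is assumed to test exactly one role name per call.
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        // base.AuthorizeCore would also test Roles with User.IsInRole, which
        // knows nothing about the custom store. Only authentication is checked
        // here (the Users property is therefore ignored as well).
        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
            return false;

        // Roles = "Admin,Manager" means "any one of these roles".
        string[] required = (Roles ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // Fail closed: an attribute without roles grants nothing (example's choice).
        if (required.Length == 0)
            return false;

        var repo = new UserRepository();
        string username = user.Identity.Name;
        return required.Any(role => repo.IsUserInRole(username, role));
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed in but missing the role: return 403 rather than sending an
        // already authenticated user back to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```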
