19

I am creating an MVC application with forms auth. I am authenticating against active directory and so have created a custom RoleProvider. My application is only concerned with a small set of roles which up until now I have been defining in the appSettings section of my web.config:

<appSettings>
  <add key="DirectorRole" value="Domain\Directors" />
  <add key="ManagementRole" value="Domain\Managers" />
  ...
</appSettings>

However I have run into a couple of problems with this approach:

  1. I cannot reference these setting in my contoller data annotations: [Authorize(Roles = ConfigurationManager.AppSettings["DirectorRole"])] as it wont compile so I have to specify the name of the group again: [Authorize(Roles = "Domain\\Directors")].
  2. In my web.config, I would like to specify the groupsToUse for my role provider and just reference a pre-existing list, rather than maintain two seperate lists of the same set of roles.

It seems that there must be a better/reusable way to define the roles in the web.config, can someone point me in the right direction please?

James
  • 1,979
  • 5
  • 24
  • 52

2 Answers2

27

I would prefer using a custom authorize attribute. Like this one.

public class MyAuthorizeAttribute : AuthorizeAttribute {

    public MyAuthorizeAttribute(params string[] roleKeys) {
        List<string> roles = new List<string>(roleKeys.Length);

        //foreach(var roleKey in roleKeys) {
            //roles.Add(ConfigurationManager.AppSettings["DirectorRole"]);
        //}
        var allRoles = (NameValueCollection)ConfigurationManager.GetSection("roles");
        foreach(var roleKey in roleKeys) {
            roles.Add(allRoles[roleKey]);
        }

        this.Roles = string.Join(",", roles);
    }
}

In your controller, use:

[MyAuthorize("DirectorRole")]

In your web.config

  <configSections>
    <section
      name="roles"
      type="System.Configuration.NameValueFileSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>

  <roles>
    <add key="DirectorRole" value="Domain\Directors" />
    <add key="ManagementRole" value="Domain\Managers" />
  </roles>

I hope this will solve your first problem just fine. And twiking a little will solve the second one too.

Mohayemin
  • 3,841
  • 4
  • 25
  • 54
  • Is there a specific place in the web.config to place a list of roles rather than just in the section? – James Jul 19 '12 at 08:03
  • @james: I am not sure if there is any specific place. But you can certainly make a room for your roles. Have a look in [here](http://stackoverflow.com/a/338310/887149) – Mohayemin Jul 19 '12 at 09:04
  • What is Role? this.Roles = string.Join(",", roles); is it a typo and meant to be role? – Phil3992 May 09 '17 at 13:31
  • @Phil3992: did it cause any compilation error? I guess Role is a property of AuthorizeAttribute. – Mohayemin May 10 '17 at 07:09
  • @Mohayemin Yeah for me Roles is not recognised. Even after adding system.web.mvc reference – Phil3992 May 10 '17 at 08:18
  • @Phil3992: this should work. may be you have other issues for which its not workin. – Mohayemin May 10 '17 at 08:21
  • @Mohayemin Not wanting to hijack the post, but I can confirm it works. Cleaned the project. Good to go! – Phil3992 May 10 '17 at 08:40
0

Please have a look at this excellent example, in which author talks about the problem you are facing.

http://www.ryanmwright.com/2010/04/25/dynamic-controlleraction-authorization-in-asp-net-mvc/

Anand
  • 14,545
  • 8
  • 32
  • 44