Error using ConfigurationManager.AppSettings.Get() in ASP MVC3 site

Question

I am trying to use the Authorize class in my ASP MVC3 app. Unfortunately due to business rules I need to pull the Roles from our web.config, however this is throwing the following exception:

An attribute must be a constant expression, typeof or array creation expression of an attribute parameter type

Here is the code I'm referencing.

[Authorize(Roles = ConfigurationManager.AppSettings.Get("user"))]
public class AdminController : Controller
{

Here is the user section of my web.config

<add key="user" value="SA\\Application.MortalityConcentrationRA.Dev.Users" />

Can you show the appsetting section of your web.config. – Mike C. Mar 06 '13 at 18:39 — Mike C., Mar 06 '13 at 18:39

HitLikeAHammer · Accepted Answer · 2013-03-08T00:22:15.700

Try creating a custom authorize attribute like this:

public class MyAuthorizeAttribute : AuthorizeAttribute
    {
        public MyAuthorizeAttribute()
        {
            this.Roles = ConfigurationManager.AppSettings["user"];
        }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            return base.AuthorizeCore(httpContext);
        }
}

And using it in your controller like this:

[MyAuthorize]
public class HomeController : Controller
{
  //code here
}

score 0 · Answer 2 · edited May 23 '17 at 12:08

I'm afraid you'll need a custom authorize attribute. I looked around a bit and didn't find any other possible solution. The current attribute is requiring a constant, and I just do not know of a way to have your config.AppSettings[] ever be a constant value (it's pretty much by definition not a constant).

Have a look at this SO post that explains pretty much exactly what you need to do. You question is almost a duplicate of this one (which is good for you, there's already an answer).

Error using ConfigurationManager.AppSettings.Get() in ASP MVC3 site

2 Answers2