
I have a table in my database with the names of users (with domains, for example: Domain1\user1). My project has Windows Authentication. I have two controllers - one for all logged-in users and a second for a specific user. My table has 3 columns: (Id, Name, Extra), where "Extra" is only filled for the user who is admin (it holds the varchar "admin").
I want to create an authorization where only the admin has access to the site with the second controller. How do I write it?

I would be very grateful for any suggestions.
Thanks in advance for help. ;)
Monic

====Edit====
from example: ASP.NET MVC 4 Custom Authorize Attribute with Permission Codes (without roles)

In my main controller:

[AuthorizeUser(AccessLevel = "Extra")]  
public class SecureController : Controller
{
      (...) 
}



public class AuthorizeUserAttribute : AuthorizeAttribute
{
    public string AccessLevel { get; set; }
    private Report_DBEnt REn = new Report_DBEnt(); 

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
        {
            return false;
        }


        string privilegeLevels = string.Join("", REn.Users.Where(u => u.Extra.Equals("admin")).FirstOrDefault()); 

        if (privilegeLevels.Contains(this.AccessLevel))
        {
            return true;
        }
        else
        {
            return false;
        }
    }
}

I've tried to use something like this, but I have no access to my site.

  • You have to create your own Filter. http://stackoverflow.com/questions/13264496/asp-net-mvc-4-custom-authorize-attribute-with-permission-codes-without-roles –  Apr 14 '14 at 08:35
  • I know this. But I want to find the user who is admin by searching a certain row in column Extra - and I don't know how to implement this... What is AccessLevel in the example you provided? – Monic Apr 14 '14 at 08:53
  • You can replace `AccesLevel` by `Extra` –  Apr 14 '14 at 08:55
  • Ok, so then how should I write the method to get what I want from my DB? I see that I have to change this line: `string privilegeLevels = string.Join("", GetUserRights(httpContext.User.Identity.Name.ToString()));` but how? When I use before it: `private Reports_DBEnt REn = new Reports_DBEnt();` and then `string privilegeLevels = string.Join("", REn.Users....);` it doesn't work. – Monic Apr 14 '14 at 09:27
  • Could you update your question with what you have tried? –  Apr 14 '14 at 09:31
  • `REn.Users.Where(u=> u.Extra == "admin");` –  Apr 14 '14 at 09:44
  • I've updated my question. `REn.Users.Where(u=> u.Extra == "admin");` also doesn't work. Maybe I'm using `AccessLevel` wrong? – Monic Apr 14 '14 at 10:05
  • Yes, replace "Extra" by "admin", and try again –  Apr 14 '14 at 10:07
  • Could you show your model? –  Apr 14 '14 at 10:34
  • In the `FilterConfig.cs` file you should add the custom Authorize Attribute `filters.Add(new AuthorizeUserAttribute());` –  Apr 14 '14 at 10:41
  • How can I show my model, and what do you want to see? Adding the custom Authorize Attribute caused an error saying that `privilegeLevels` couldn't be null. – Monic Apr 14 '14 at 10:48

1 Answer

Try this:

[AuthorizeUser(AccessLevel = "admin")]  
public class SecureController : Controller
{
  (...) 
}

Hope it will help

Update

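  using System.Collections.Generic;
  using System.Linq;
  using System.Web;
  using System.Web.Mvc;

  public class AuthorizeUserAttribute : AuthorizeAttribute
  {
    // Value expected in the user's Extra column, e.g. "admin".
    public string AccessLevel { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
      if (!httpContext.User.Identity.IsAuthenticated)
      {
        return false;
      }

      // Join the Extra values stored for the current Windows user.
      string privilegeLevels = string.Join("", GetUserRights(httpContext.User.Identity.Name));

      return privilegeLevels.Contains(this.AccessLevel);
    }

    // Reads the Extra column for the given user name (e.g. Domain1\user1).
    private IEnumerable<string> GetUserRights(string userName)
    {
      using (var REn = new Report_DBEnt())
      {
        // Name is the user-name column of the table described in the question.
        return REn.Users.Where(u => u.Name == userName).Select(u => u.Extra).ToList();
      }
    }
  }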
  • That's not all. I think I have `privilegeLevels` wrong. I should somehow use `httpContext.User.Identity.Name.ToString()`, shouldn't I? I've tried `string.Join("", REn.Users.Where(u => u.Name == httpContext.User.Identity.Name));` but I still don't have access. – Monic Apr 14 '14 at 10:21
  • Try to put a break point in the filter and see what happens inside the filter. –  Apr 14 '14 at 10:34
  • I added: `var user = httpContext.User.Identity.Name; var user2 = REn.Users.Where(u => u.Name == user).FirstOrDefault();` and they are correct. But the string `privilegeLevels` is badly formed, because it returns null. – Monic Apr 14 '14 at 11:15
  • Is your `httpContext.User.Identity.Name` different from `null`? –  Apr 14 '14 at 11:21
  • Yeah, it wasn't null. Now everything works. :D I forgot that I have to use `Select(u=>u.Extra)`. Thanks a lot!!! – Monic Apr 14 '14 at 11:33
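
A stricter variant of the attribute discussed in this thread, as an added example that is not part of the original posts: it compares the whole `Extra` value instead of a substring, fails closed when `AccessLevel` is not set (the case hit when the attribute was registered globally in `FilterConfig.cs`), and answers an authenticated non-admin with 403. It assumes `Report_DBEnt` is a disposable Entity Framework context whose `Users` entity has the `Name` and `Extra` columns described in the question.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

public class AuthorizeUserAttribute : AuthorizeAttribute
{
    // Value the user's Extra column must hold, e.g. "admin".
    public string AccessLevel { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Keep the base checks (authenticated, plus Users/Roles if set).
        if (!base.AuthorizeCore(httpContext)) return false;

        // Fail closed when the attribute is applied without AccessLevel,
        // for example when added as a global filter with no arguments.
        if (string.IsNullOrEmpty(AccessLevel)) return false;

        string name = httpContext.User.Identity.Name; // e.g. Domain1\user1

        // Attribute instances can be reused across requests, so the context
        // is created per call instead of being stored in a field.
        // Assumption: Report_DBEnt implements IDisposable (EF context).
        using (var db = new Report_DBEnt())
        {
            string extra = db.Users
                .Where(u => u.Name == name)
                .Select(u => u.Extra)
                .FirstOrDefault();

            // Whole-value comparison: "admin" must not match "nonadmin".
            // A missing row or a NULL Extra yields null and is denied.
            return string.Equals(extra, AccessLevel, StringComparison.OrdinalIgnoreCase);
        }
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // An authenticated user without the required level gets 403;
        // a 401 would make the browser prompt for Windows credentials again.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```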