ASP.Net MVC Security AuthorizeAttribute

Question

I'm making a MVC4 with EF6 web application where Administrators are allowed access to certain pages. In this case the Administrators are allowed to access the Departments page.

I differentiated my administrators from normal users by using public bool IsAdministrator { get; set; } in my User.cs class.

Whenever I sign into a user account where isAdministrator = true and I try click on my Department's index.cshtml it redirects me to the log in page instead of the Department page. Am I using AuthorizeAttribute correctly?

DepartmentController.cs

   [Authorize(Roles = "isAdministrator")]
    public class DepartmentController : Controller
    {
          ...
    }

Users.cs

public class User
{
    public int UserID { get; set; }

    public bool IsAdministrator { get; set; }
}

score 2 · Answer 1 · edited May 23 '17 at 12:31

2

Have you setup the Role isAdministrator ?

A simple boolean property in a class is not going to do this for you.

Refer to the following articles for more information about how to use / create Roles.

creating-roles-in-asp-net-identity-mvc-5

Extending-and-Modifying-Roles

edited May 23 '17 at 12:31

Community

1
1

answered Mar 21 '16 at 22:59

MikeDub

5,143
3
27
44

Yeah I haven't ! I'll look into the links you've suggested. – TykiMikk Mar 21 '16 at 23:03

ASP.Net MVC Security AuthorizeAttribute

1 Answers1