I have users that have one of these roles:

  • RoleA (Attribute: AuthorizeRoleA)
  • RoleB (Attribute: AuthorizeRoleB)

In my controller I want to say this:

Everyone that has role of type RoleA can access all the methods in this controller

[AuthorizeRoleA]
public class HomeController : Controller
{
        public ActionResult MethodOne()
        {
            return View();
        }

        public ActionResult MethodTwo()
        {
            return View();
        }

        //****** Make an exception ********
        //So in this case, let RoleA here, but let RoleB too.
        [AuthorizeRoleB] 
        public ActionResult MethodThree()
        {
            return View();
        }
}

And I have another controller:

Everyone that has role of type RoleB can access all the methods in this controller

Just RoleB! No one else.

[AuthorizeRoleB]
public class AnotherController : Controller
{
        public ActionResult Index()
        {
            return View();
        }
}

So, this should be similar to the Authorize attribute when it is used to decorate the controller, and AllowAnonymous when it is used inside the same controller, but I don't know how to achieve this behavior with custom attributes (filters).

My goal is to create custom attributes, where I can say: In AuthorizeRoleA will be included n-roles and in AuthorizeRoleB will be included n-other roles. But AuthorizeRoleA will have higher priority than the other attributes.

Note: Maybe this is a duplicate, but I didn't find anything similar to this question.

ToTa
  • In Authorize attribute you can specify role, [Authorize(Roles="RoleA")] – DanielVorph Sep 22 '16 at 21:45
  • Optionally it can be used like this, if you want to allow more than one role [Authorize(Roles="RoleA, RoleB")] – nocturns2 Sep 22 '16 at 21:47
  • @DanielVorph consider this answer (case 1): http://stackoverflow.com/a/16713334 – ToTa Sep 22 '16 at 21:48
  • @nocturns2 yes, it was the first thing that popped into my mind, but I have n-controllers and n-actions, and I want to avoid writing that on every action/controller. Also in the future I might have n-roles, so then I'll have to rewrite all the Authorize attributes – ToTa Sep 22 '16 at 21:56
  • Your question is about Method three in HomeController? – DanielVorph Sep 22 '16 at 21:56
  • http://bitoftech.net/2015/03/31/asp-net-web-api-claims-authorization-with-asp-net-identity-2-1/ – DanielVorph Sep 22 '16 at 22:17

0 Answers
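
The question wants a controller-level role attribute and an action-level one to combine as "either role" on MethodThree, whereas stacked authorization filters in MVC run independently and must all pass. One way to get that behaviour, as an added example that is not part of the original post: it assumes ASP.NET MVC 5, and RoleSetAuthorizeAttribute and the role names are hypothetical.

```csharp
// Added example (not from the question). Assumes ASP.NET MVC 5 (System.Web.Mvc).
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical base class: every attribute derived from it contributes its roles
// to one allow-list per request, so controller + action attributes combine as OR.
public abstract class RoleSetAuthorizeAttribute : AuthorizeAttribute
{
    private const string ItemsKey = "RoleSetAuthorize.AllowedRoles";
    private readonly string[] _roles;

    protected RoleSetAuthorizeAttribute(params string[] roles) { _roles = roles; }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        var action = filterContext.ActionDescriptor;
        var type = typeof(RoleSetAuthorizeAttribute);
        // Union of the roles declared on the action and on its controller.
        // Kept in HttpContext.Items, not a field: MVC may reuse attribute instances.
        filterContext.HttpContext.Items[ItemsKey] = action.GetCustomAttributes(type, true)
            .Concat(action.ControllerDescriptor.GetCustomAttributes(type, true))
            .Cast<RoleSetAuthorizeAttribute>()
            .SelectMany(a => a._roles)
            .Distinct()
            .ToArray();
        base.OnAuthorization(filterContext); // keeps AllowAnonymous and 401 handling
    }

    // Replaces the stock Roles/Users check. Fails closed when no allow-list was
    // computed for this request or the user is not authenticated.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        var allowed = httpContext.Items[ItemsKey] as string[];
        return user != null && user.Identity.IsAuthenticated
            && allowed != null && allowed.Any(user.IsInRole);
    }
}

// Role lists live in one place each; "RoleA"/"RoleB" are placeholder role names.
public sealed class AuthorizeRoleAAttribute : RoleSetAuthorizeAttribute
{
    public AuthorizeRoleAAttribute() : base("RoleA") { }
}

public sealed class AuthorizeRoleBAttribute : RoleSetAuthorizeAttribute
{
    public AuthorizeRoleBAttribute() : base("RoleB") { }
}
```

With these definitions the controllers in the question keep their attributes unchanged: MethodThree admits RoleA or RoleB, the other HomeController actions admit only RoleA, and AnotherController admits only RoleB.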