Asp.net mvc authorize attribute integrated with a parameter

Question

I want to use an [Authorize()] attribute in the following way on an action:

[Authorize(Roles = "Administrator" or UserId == id)]
public ActionResult Edit(int id){ }

Right now I'm using logics like this:

    public ActionResult Edit(int id)
    {
        if (User.IsInRole("Administrator") || User.Identity.Name.Equals(id))
        { }
    }

score 3 · Accepted Answer · edited May 23 '17 at 12:18

3

No, but you an access everything piece of functionality the controller has inside the Attribute:

See:

How to pass parameters to a custom ActionFilter in ASP.NET MVC 2?

edited May 23 '17 at 12:18

Community

1
1

answered Jan 12 '11 at 16:21

John Farrell

24,673
10
77
110

score 2 · Answer 2 · answered Jan 12 '11 at 16:17

2

You can't. In .NET attributes can use only constant values. On the other hand you could write a custom authorize attribute deriving from the standard one and in the AuthorizeCore method implement this logic.

answered Jan 12 '11 at 16:17

Darin Dimitrov

1,023,142
271
3,287
2,928

Asp.net mvc authorize attribute integrated with a parameter

2 Answers2

Linked