English 中文(简体)
Configure authorized roles dynamically via a config file in MVC Application
原标题:

I current have the following attribute decorating one of the action method.

[Authorize(Roles = "Admin")]
public ActionResult DoAdminTask()
{
//Do something

   return View();
}

Currently, only users in the Admin role can invoke this method, but this will change. Is there anyway I can store a list of authorised roles in a config file, rather than hard coding it into the source?

EDIT: Roles will change over time, and more than 1 role will need access. i.e. Users in either role A OR role B can access.

最佳回答

No way to do this with the standard authorize attribute, but you could extend the authorize attribute with your own custom authorize attribute and have it use a configuration file to determine the mapping between controller/action and the set of roles.

问题回答

but you can use something like

public static class AppRoles
{
    public const string Users = "UsersRoleName";
    public const string Admin = "AdminRoleName";
}

and then Controller can have authorize attribute as

[Authorize(Roles = AppRoles.Admin)]

I felt this question deserved an answer with a code sample... Taking @tvanfosson s suggestion of extending the AuthorizeAttribute class, here s what I came up with (criticism is more than welcome).

AuthorizeFromConfiguration.cs:

public class AuthorizeFromConfiguration: AuthorizeAttribute
{
    public new string Roles
    {
        get {
            return base.Roles;
        }
        set {
            var config = new ConfigurationBuilder()
                .SetBasePath(Environment.CurrentDirectory)
                .AddJsonFile("authorization.json")
                .Build();
            base.Roles = config[value];
        }
    }
}

authorization.json:

{
    "Parts": {
        "Create": "contoso.com\MyWebApp_CreateNewPart",
        "Edit": "contoso.com\MyWebApp_EditPart"
    }
}

Example Usage:

[AuthorizeFromConfiguration(Roles = "Parts:Create")]
public class CreateModel : PageModel
{
    //...
}

Note: In my testing, the web-site had to be restarted before any changes to authorization.json file took effect, even when I tried changing the logic so that the JSON file was read on the get accessor instead of the set.





相关问题
WebForms and ASP.NET MVC co-existence

I am trying to make a WebForms project and ASP.NET MVC per this question. One of the things I ve done to make that happen is that I added a namespaces node to the WebForms web.config: <pages ...

Post back complex object from client side

I m using ASP.NET MVC and Entity Framework. I m going to pass a complex entity to the client side and allow the user to modify it, and post it back to the controller. But I don t know how to do that ...

Create an incremental placeholder in NHaml

What I want to reach is a way to add a script and style placeholder in my master. They will include my initial site.css and jquery.js files. Each haml page or partial can then add their own required ...

asp.net mvc automapper parsing

let s say we have something like this public class Person { public string Name {get; set;} public Country Country {get; set;} } public class PersonViewModel { public Person Person {get; ...

structureMap mocks stub help

I have an BLL that does validation on user input then inserts a parent(PorEO) and then inserts children(PorBoxEO). So there are two calls to the same InsertJCDC. One like this=>InsertJCDC(fakePor)...

ASP.NET MVC: How should it work with subversion?

So, I have an asp.net mvc app that is being worked on by multiple developers in differing capacities. This is our first time working on a mvc app and my first time working with .NET. Our app does not ...

System.Web.Mvc.Controller Initialize

i have the following base controller... public class BaseController : Controller { protected override void Initialize(System.Web.Routing.RequestContext requestContext) { if (...

热门标签