ASP.NET MVC 4 Custom Authorize Attribute with Permission Codes (without roles)

by

I could do this with a custom attribute as follows.

[AuthorizeUser(AccessLevel = "Create")]
public ActionResult CreateNewInvoice()
{
    //...
    return View();
}

Custom Attribute class as follows.

public class AuthorizeUserAttribute : AuthorizeAttribute
{
    // Custom property
    public string AccessLevel { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
        {                
            return false;
        }

        string privilegeLevels = string.Join("", GetUserRights(httpContext.User.Identity.Name.ToString())); // Call another method to get rights of the user from DB

        return privilegeLevels.Contains(this.AccessLevel);           
    }
}

You can redirect an unauthorised user in your custom AuthorisationAttribute by overriding the HandleUnauthorizedRequest method:

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(
                    new
                        { 
                            controller = "Error", 
                            action = "Unauthorised" 
                        })
                );
}

More Related Contents:

  1. ASP.NET MVC 4 custom Authorize attribute – How to redirect unauthorized users to error page? [duplicate]
  2. Submit same Partial View called multiple times data to controller?
  3. Pass data to layout that are common to all pages
  4. How to validate file type of HttpPostedFileBase attribute in Asp.Net MVC 4?
  5. How to add reference to System.Web.Optimization for MVC-3-converted-to-4 app
  6. How to use JWT in MVC application for authentication and authorization?
  7. Anti forgery token is meant for user “” but the current user is “username”
  8. How to add global ASP.Net Web Api Filters?
  9. Role based authentication in the new MVC 4 Internet template using simplemembership
  10. unobtrusive validation not working with dynamic content
  11. How to put conditional Required Attribute into class property to work with WEB API?
  12. Mixing Web Api and ASP.Net MVC Pages in One Project
  13. ViewModels or ViewBag?
  14. How do I use my own database with SimpleMembership and WebSecurity? What is MVC4 security all about?
  15. How to create ASP.NET Web API Url?
  16. ASP.NET 4.5 has not been registered on the Web server
  17. The required anti-forgery form field “__RequestVerificationToken” is not present Error in user Registration
  18. Accessing post or get parameters in custom authorization MVC4 Web Api
  19. MVC 4 Beta side by side installation error
  20. MVC 4 date culture issue?
  21. WebApi Json.NET custom date handling
  22. where should i place the js script files in a mvc application so jquery works well?
  23. What effect does the new precompile during publishing option have on MVC4 applications?
  24. ASP.NET MVC 4 Editor Template for basic types
  25. Automatic Migrations for ASP.NET SimpleMembershipProvider
  26. Problems implementing ValidatingAntiForgeryToken attribute for Web API with MVC 4 RC
  27. Convert value when mapping
  28. Dynamic Routes from database for ASP.NET MVC CMS
  29. Custom function throws a “You do not have the permission required to setValue” error
  30. How to add ASP.NET Membership Provider in a Empty MVC 4 Project Template?

Leave a Comment