How to use custom Authorize attribute for roles as well as a specific user?

by

You could write a custom authorize attribute:

public class AuthorizeAdminOrOwnerOfPostAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var authorized = base.AuthorizeCore(httpContext);
        if (!authorized)
        {
            // The user is not authenticated
            return false;
        }

        var user = httpContext.User;
        if (user.IsInRole("Admin"))
        {
            // Administrator => let him in
            return true;
        }

        var rd = httpContext.Request.RequestContext.RouteData;
        var id = rd.Values["id"] as string;
        if (string.IsNullOrEmpty(id))
        {
            // No id was specified => we do not allow access
            return false;
        }

        return IsOwnerOfPost(user.Identity.Name, id);
    }

    private bool IsOwnerOfPost(string username, string postId)
    {
        // TODO: you know what to do here
        throw new NotImplementedException();
    }
}

and then decorate your controller action with it:

[AuthorizeAdminOrOwnerOfPost]
public ActionResult EditPosts(int id)
{
    return View();
}

More Related Contents:

  1. Determine if a number can be made with prepicked numbers and times
  2. Path.Combine for URLs?
  3. Prevent Caching in ASP.NET MVC for specific actions using an attribute
  4. Run async method regularly with specified interval
  5. Could not find a part of the path … bin\roslyn\csc.exe
  6. How to use non-thread-safe async/await APIs and patterns with ASP.NET Web API?
  7. ASP.NET MVC Global Variables
  8. DropdownList DataSource
  9. Adding your own HtmlHelper in ASP.NET MVC 3
  10. Printing to a client printer from a web app
  11. ViewModel validation for a List
  12. Do asynchronous operations in ASP.NET MVC use a thread from ThreadPool on .NET 4
  13. How to elegantly deal with timezones
  14. How can I remove item from querystring in asp.net using c#?
  15. ASP.NET MVC Razor render without encoding
  16. No authenticationScheme was specified, and there was no DefaultChallengeScheme found with default authentification and custom authorization
  17. When `PostAuthenticateRequest` gets execute?
  18. Could not load file or assembly ‘Microsoft.ReportViewer.Common, Version=11.0.0.0
  19. Encrypting Web.Config
  20. How can I handle forms authentication timeout exceptions in ASP.NET?
  21. MEF with MVC 4 or 5 – Pluggable Architecture (2014)
  22. How do I force full post-back from a button within an UpdatePanel?
  23. Multiples Table in DataReader
  24. Redirect to another page when user is not authorized in asp.net mvc3
  25. ThreadStaticAttribute in ASP.NET
  26. Unable to find the requested .Net Framework Data Provider. It may not be installed
  27. System.web.mvc missing
  28. How to convert DataTable to class Object?
  29. How to implement Security Protocols TLS 1.2 in .Net 3.5 framework
  30. Can gzip compression be selectively disabled in ASP.NET/IIS 7?

Leave a Comment