0

I have the following custom class for dynamic role assignment:

    using System.Web;
    using System.Web.Mvc;

    public class DynamicAuthorizeAttribute : AuthorizeAttribute
    {
        IVRControlPanelRepository repository = new IVRControlPanelRepository();

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Resolve the requested controller and action from the route data.
            var controllerName = httpContext.Request.RequestContext.RouteData.Values["controller"];
            var actionName = httpContext.Request.RequestContext.RouteData.Values["action"];
            string controller = controllerName.ToString() + "Controller";
            string action = actionName.ToString();

            //  Roles = "Role1,Role2,Role3";
            // Look up the comma-separated roles configured for this controller/action.
            Roles = repository.GetAssignRole(controller, action);
            return base.AuthorizeCore(httpContext);
        }
    }

The following is the function that returns the string of roles separated by commas:

    // Requires: using System.Linq;
    public string GetAssignRole(string controllername, string actionname)
    {
        using (AppEntities db = new AppEntities())
        {
            // Fetch the role mapping for this controller/action, if one exists.
            var rol = db.AssignRoles
                        .FirstOrDefault(u => u.ControllerName == controllername && u.ActionName == actionname);

            // No mapping configured: return an empty role string.
            return rol != null ? rol.Role : "";
        }
    }

I have placed the [DynamicAuthorizeAttribute] attribute on all actions of all controllers.

Problem:

If the Roles returned from GetAssignRole() is empty, it is redirected to LogOn. But I actually want to assign unauthorized access to the action if Roles="" in the above code. It works properly if Roles="Administrator,Member". What should be changed in the above function in order to allow access to the action by an anonymous user or anyone if Roles is the empty string returned from GetAssignRole()?

2 Answers

4

Well, as far as I know, there are several ways to do it:

First, you can override OnAuthorization and fill the Roles property there. After that, just check the Roles count and decide whether to call AuthorizeCore or just return (in this case you copy the tactics of AuthorizeAttribute's developers).

Second, use the AllowAnonymous attribute.

Third, create your own anonymous role for every user as a default role.


1

If I understood right, you need:

    ...
    Roles = repository.GetAssignRole(controller, action);
    if (Roles.Length == 0) return true;
    return base.AuthorizeCore(httpContext);
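
An added example, not part of either answer or the asker's code: returning true whenever Roles is empty also opens every action that has no AssignRoles row, so this variant denies unmapped actions and allows anonymous access only on an explicit marker. The "*" marker stored in the Role column is an assumed convention; the roles are checked locally instead of being assigned to Roles, because MVC can reuse one attribute instance across requests.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

public class DynamicAuthorizeAttribute : AuthorizeAttribute
{
    // Hypothetical convention: a Role value of "*" marks an action as public.
    private const string AnonymousMarker = "*";

    // Repository type from the question; it opens its own context per call.
    private readonly IVRControlPanelRepository repository = new IVRControlPanelRepository();

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        var route = httpContext.Request.RequestContext.RouteData;
        string controller = route.GetRequiredString("controller") + "Controller";
        string action = route.GetRequiredString("action");

        // Keep the lookup result in a local; do not write it to the shared Roles property.
        string assigned = repository.GetAssignRole(controller, action);

        // Fail closed: a missing or empty mapping is treated as a configuration gap.
        if (string.IsNullOrWhiteSpace(assigned)) return false;

        // Anonymous access only where it was configured explicitly.
        if (assigned.Trim() == AnonymousMarker) return true;

        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated) return false;

        // Allow if the user holds any one of the comma-separated roles.
        return assigned.Split(',')
                       .Select(r => r.Trim())
                       .Where(r => r.Length > 0)
                       .Any(user.IsInRole);
    }
}
```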
