4

Does anyone know if there is a way of using a value in Web.Config AppSettings section on an Authorize attribute for a controller in MVC3?

I am currently using something like this in web.config:

<add key="AdminRole" value="Admins"/>

, and then I tried pulling the into class and using the value on the Authorize attribute but .NET complains about the values not being constants, etc.

I just want to be able to use a value set in web.config to filter Authorization so that different deployments can use variations of role names based on their system configurations.

Any help would be appreciated, Thanks!

Improve this question

2 Answers 2

Reset to default
7

Here's a working example:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeByConfig : AuthorizeAttribute
{

    /// <summary>
    /// Web.config appSetting key to get comma-delimited roles from
    /// </summary>
    public string RolesAppSettingKey { get; set; }

    /// <summary>
    /// Web.config appSetting key to get comma-delimited users from
    /// </summary>
    public string UsersAppSettingKey { get; set; }


    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {

        if (!String.IsNullOrEmpty(RolesAppSettingKey))
        {
            string roles = ConfigurationManager.AppSettings[RolesAppSettingKey];
            if (!String.IsNullOrEmpty(roles))
            {
                this.Roles = roles;
            }                
        }

        if (!String.IsNullOrEmpty(UsersAppSettingKey))
        {
            string users = ConfigurationManager.AppSettings[UsersAppSettingKey];
            if (!String.IsNullOrEmpty(users))
            {
                this.Users = users;
            }                
        }

        return base.AuthorizeCore(httpContext);
    }


}

And decorate your controller class or method like so: 

[AuthorizeByConfig(RolesAppSettingKey = "Authorize.Roles", UsersAppSettingKey = "Authorize.Users")]

Where Authorize.Roles and Authorize.Users are web.config appSettings.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

5

You would have to write your own AuthorizationAttribute class which at runtime reads the value from web.config. In .NET it is not possible to declare an attribute using runtime-dependent values.

Improve this answer

3 Comments

This seems like overkill. You think I would be better off creating an installation requirement that creates the specific role names I use in MVC?
@M4V3R1CK, custom authorization attributes are not heavy. check out msdn.microsoft.com/en-us/library/ee707357(v=vs.91).aspx
Has anybody come across occurrences where MVC does not recognize roles from Windows? I thought that roles translated to groups in Windows, but for some reason when I add a user to a group, check in MVC (using windows authentication) if that user.IsInRole("GroupJustAddedTo") always returns false. I have no idea why....Working in Server 2003 R2 with Windows Authentication enabled around the board. Confused :~( ???

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.