Allow Multiple Providers with Authorize Attribute

Asked

Viewed 147 times

2

I’m trying to implement permissioning by Roles within my controller:

   [PerfilFiltro(Roles = "Administrador,Caixa")]
   public ActionResult Index()
    {
        return View(db.Adicional.ToList());
    } 

 

 public class PerfilFiltro : AuthorizeAttribute
{

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);

        if (filterContext.Result is HttpUnauthorizedResult)
            filterContext.HttpContext.Response.Redirect("/Home/Negado");
    }


}

I want to do it this way:
*The Administrator OR box profiles can open the Index.
What happens when I put between commas is that the role of the logged in user must be administrator and cashier, but I want administrator or cashier.

  • This is kind of weird... it was supposed to be working. Test without the Profiler class. Use Authorize.

1 answer

1


Apparently everything is ok, but just in case, if you want to test the validation behavior, try reimplementing the method AuthorizeCore and debug inside it:

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var isAuthorized = base.AuthorizeCore(httpContext);
    return isAuthorized;
}

By the way, you can modify this method and implement the behavior you want, if you deem it necessary.

  • I understand, I’m going to do a test also only with Authorize as @Daniloloko suggested, but I don’t think that’s it. I searched and on some sites like this:http://devbrasil.net/profiles/blogs/authenticat-o-e-permiss-de-usu-rios-em-asp-net-mvc-4. which say that when you put the Scroll between commas the user must have all the roles typed to access the controller and that’s not what I want.

  • @crs0794 Not necessarily. I have a 3 systems that use the [Authorize] and all work with conjunction ("or"), not as disjunction ("and"), but finally, do the test.

  • 1

    Thanks, it worked!! I was not recording the user logged in to the Setauthcookie method for lack of a configuration on the web.config

  • @crs0794 Feel free to change my answer and put this setting.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.