Home/ Questions/Q 385691
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T15:30:16+00:00

How can I include a user regardless of his role, dependent on a matching

  • 0

How can I include a user regardless of his role, dependent on a matching userID, and not always same user: 

 [Authorize(Roles="Group1") AND userID=uniqueID]
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You won’t be able to do this with the default AuthorizeAttribute. You will need to extend AuthorizeAttribute with a custom class that adds the user behavior. Typically it uses named users, but you could provide an alternative. Normally if you supply both Users and Roles, it will require that the user be in the list of users and have one of the indicated roles. 

    public class UserOrRoleAuthorizeAttribute : AuthorizeAttribute
{
    public int? SuperUserID { get; set; }

    protected override bool AuthorizeCore( HttpContextBase httpContext )
    {
         if (base.AuthorizeCore( httpContext ))
         {
             var userid == ...get id of current user from db...
             return userid == this.SuperUserID;
         }
         return false;
    }
}

    Used as:

    [UserOrRoleAuthorize(Roles="Admin",SuperUserID=15)]
public ActionResult SomeAction() ...

    Note that you could also add in some way of specifing where to look for the id for this action, .i.e.,

     Table="Admins",Column="AdminID",MatchProperty="Company",MatchParameter="company"

    then put some code into the attribute to look up the value in the property table and column and comparing it to the specified RouteValue entry instead of hard-coding it.

    • 0