I have following customize class for dynamic role assignment:
public class DynamicAuthorizeAttribute : AuthorizeAttribute
{
IVRControlPanelRepository repository = new IVRControlPanelRepository();
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var controllerName = httpContext.Request.RequestContext.RouteData.Values["controller"];
var actionName = httpContext.Request.RequestContext.RouteData.Values["action"];
string controller = controllerName.ToString() + "Controller";
string action = actionName.ToString();
repository.GetAssignRole(controller, action);
GetRolesFromDatabase(controllerName, actionName);
// Roles = "Role1,Role2,Role3";
Roles = repository.GetAssignRole(controller, action);
return base.AuthorizeCore(httpContext);
}
}
Following is the function to return the string of role seperated with comma
public string GetAssignRole(string controllername, string actionname)
{
using (AppEntities db = new AppEntities())
{
var result = from u in db.AssignRoles where (u.ControllerName == controllername && u.ActionName == actionname) select u;
if (result.Count() != 0)
{
var rol = result.FirstOrDefault();
return rol.Role;
}
else
{
return "";
}
}
}
I have placed Attributes [DynamicAuthorizeAttribute] to all action of all controller.
Problem:
If the Roles is empty returned from GetAssignRole() It is redirected to LogOn. But I actually want to assigned as unauthorized access to the action if the Roles="" in above code. It works properly if the Roles=”Administrator,Member”
What should be changed in above function in order to access the action by anonymous user or anyone if the Roles is empty string returned from GetAssignRole().
If I understood right, you need: