Home/ Questions/Q 6947407
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T13:41:21+00:00

I have statically allowed access to controllers/action methods using the standard Authorize attribute with

  • 0

I have statically allowed access to controllers/action methods using the standard Authorize attribute with roles. I am using the default ASP.Net Membership Provider.

One of our clients wants finer grained access control. They would like to be able to dynamically assign which roles can access which controllers/actions etc. I’ve seen answers saying implement a CustomAuthorize Attribute.

Just wondered if there were any toolkits etc to this. It seems a reasonably standard feature. I guess something like this http://kbochevski.blogspot.com/2009/11/mvc-custom-authorization.html

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try a custom attribute like this:

    public class DynamicAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var controllerName = httpContext.Request.RequestContext.RouteData.Values["controller"];
        var actionName = httpContext.Request.RequestContext.RouteData.Values["action"];

        // Get this string (roles) from a database or somewhere dynamic using the controllerName and actionName
        Roles = "Role1,Role2,Role3"; // i.e.  GetRolesFromDatabase(controllerName, actionName);

        return base.AuthorizeCore(httpContext);
    }
}

    Just put this attribute on any action method that requires authorization and do a look up in a database with the controller name and action name to get the required roles.

    Hope this helps,

    Mark

    • 0