Possible Duplicate:
ASP.NET MVC3 Role and Permission Management -> With Runtime Permission Assignment
Say I have an ActionResult Members in a controller that should only allow members to access it. Normally I would just put an [Authorize(Roles = "Members")] attribute on the action to only allow authenticated users in the Members role to access it.
Is there a way I can allow admins (or whatever) to change it in the future to, let's say, [Authorize(Roles = "Members, PotentialMembers ")] (this would allow users in the roles Members and PotentialMembers to access this action)?
Thanks
You can’t, unfortunately, do this with the default attribute. You could, however, write your own attribute by inheriting from Authorize (or you can readily get the source for Authorize on the web).
From there, you would have to devise a mechanism for a) storing the allowed roles per controller through some kind of interface, and b) using those mappings in your custom filter attribute to allow/deny access.
If you were to do this, I would recommend loading the mapping at application start up and using an in-memory manager to signal configuration changes.
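A sketch of the approach described in this answer, as an added example that is not the answerer's code or part of ASP.NET MVC. `RolePermissionManager`, `DynamicAuthorizeAttribute` and the controller/action key format are hypothetical names chosen for illustration. It keys the mapping by controller and action, and denies access when no mapping exists.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical in-memory manager. Fill it from your store in Application_Start,
// and call SetRoles again from an admin screen when a mapping changes.
public static class RolePermissionManager
{
    private static readonly ConcurrentDictionary<string, string[]> Map =
        new ConcurrentDictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);

    private static string Key(string controller, string action)
    {
        return controller + "/" + action;
    }

    public static void SetRoles(string controller, string action, params string[] roles)
    {
        // Trim so that "PotentialMembers " still matches the real role name.
        Map[Key(controller, action)] = roles.Select(r => r.Trim())
                                            .Where(r => r.Length > 0)
                                            .ToArray();
    }

    // Returns null when nothing is configured for this action.
    public static string[] GetRoles(string controller, string action)
    {
        string[] roles;
        return Map.TryGetValue(Key(controller, action), out roles) ? roles : null;
    }
}

// Usage: [DynamicAuthorize] public ActionResult Members() { ... }
public class DynamicAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated) return false;

        // Read the target from route data on every call; attribute instances
        // can be shared across requests, so no per-request state is kept here.
        var values = httpContext.Request.RequestContext.RouteData.Values;
        var controller = values["controller"] as string;
        var action = values["action"] as string;
        if (controller == null || action == null) return false; // fail closed

        var roles = RolePermissionManager.GetRoles(controller, action);
        return roles != null && roles.Any(user.IsInRole); // no mapping: deny
    }
}
```

Whatever screen calls `SetRoles` at runtime is itself a privilege-granting operation, so it should sit behind a fixed, compiled-in role check rather than a dynamic one.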