Home/ Questions/Q 8430129
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T05:31:29+00:00

This allows frankl to access but blocks the admins. What have I done wrong?

  • 0

This allows “frankl” to access but blocks the admins. What have I done wrong?

 [Authorize(Order=1,Roles = "Admin",Users="frankl")]
public class AuthorizeBaseController_Admins_frank : Controller
{

}

It is probably simple but I don’t see any examples that combine the two and the “Allowmultiple” property generates an error when I try to add it.

Thanks,
Chris

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Roles and Users should be used exclusively. If you want to combine them you could write a custom authorize attribute:

    public class MyAuthoirizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }
        var user = httpContext.User;
        if (!user.Identity.IsAuthenticated)
        {
            return false;
        }
        var usersSplit = SplitString(Users);
        var rolesSplit = SplitString(Roles);

        return
            (usersSplit.Length > 0 && usersSplit.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase)) ||
            (rolesSplit.Length > 0 && rolesSplit.Any(user.IsInRole));
    }

    private string[] SplitString(string original)
    {
        if (string.IsNullOrEmpty(original))
        {
            return new string[0];
        }
        return (from piece in original.Split(',')
                let trimmed = piece.Trim()
                where !string.IsNullOrEmpty(trimmed)
                select trimmed).ToArray();
    }
}

    and then:

    [MyAuthorize(Order = 1, Roles = "Admin", Users="frankl")]
public class AuthorizeBaseController_Admins_frank : Controller
{
    ...    
}
    • 0