Documenting the use of the [Authorize] attribute, report generation

Many classes and methods in my ASP.NET MVC 3 application are decorated with the [Authorize] attribute, for example:

    [Authorize(Roles = "assignment_edit, assignment_view")]
    public class AssignmentController : Controller
    {

or this:

    [HttpPost]
    [Authorize(Roles = "assignment_edit")]
    public ActionResult Create(AssignmentViewModel assignment)
    {

I would like to find a way to document which classes and methods are limited to specific roles and users, and create a report grouped by role or class, indicating who is authorized to do what. This would make it easier to understand what role the user should be given if they need to perform certain actions.

I looked at using C#'s built-in documentation and a tag, such as comments, to record this information, then outputting it to an XML file, but it seems awkward: I would need to re-enter information that may go out of sync with the attribute, and then post-process the XML document to parse the information and present it in readable form.

I am curious whether anyone else has had a similar need, and whether there are any tools or processes to solve this problem.

+1
c# asp.net-mvc
2 answers

There are several tools available, for example,

To add documentation to your method or class, you can use GhostDoc.

To create a documentation file from the above XML documents, you can use VSDocMan.

For free products, you can use Sandcastle.

0

I am using the ASP.NET MVC SiteMap provider (http://mvcsitemap.codeplex.com/), which can also be found on NuGet.

Set the roles in the .sitemap file:

    <mvcSiteMapNode title="Home" controller="Home" action="Index">
        <mvcSiteMapNode title="About" controller="Home" action="About" roles="Admin,Users"/>
        <mvcSiteMapNode title="LogOn" controller="Home" action="LogOn"/>
    </mvcSiteMapNode>

And if the request is not authenticated, SiteMap.CurrentNode will be null, therefore I add an ActionFilter:

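    using System;
    using System.Web;
    using System.Web.Mvc;

    // Authorization filter that rejects the request when the sitemap has no current node.
    public class RolesAuthenticationAttribute : ActionFilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            // Per the answer, SiteMap.CurrentNode is null when the request is not authenticated.
            if (SiteMap.CurrentNode == null)
            {
                throw new UnauthorizedAccessException();
            }
        }
    }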

In the controller:

    [RolesAuthenticationAttribute]
    public class HomeController : Controller
    {
+1
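
The report the question asks for can be generated from the `[Authorize]` attributes themselves by reflection, so it cannot go out of sync with the code. This is an added example, not code from the question or either answer. The `AuthorizeReport` class, the `Index` action and the `string` parameter are assumptions, and it needs a reference to System.Web.Mvc.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;
// Constructed sample input modelled on the question (Index and the string parameter are assumptions).
[Authorize(Roles = "assignment_edit, assignment_view")]
public class AssignmentController : Controller
{
    public ActionResult Index() { return null; }
    [HttpPost, Authorize(Roles = "assignment_edit")]
    public ActionResult Create(string assignment) { return null; }
}

public static class AuthorizeReport
{
    static IEnumerable<AuthorizeAttribute> Attrs(MemberInfo m)
    { return m.GetCustomAttributes(typeof(AuthorizeAttribute), true).Cast<AuthorizeAttribute>(); }
    // Yields (role, "Controller.Action") pairs for every public action method in the assembly.
    public static IEnumerable<KeyValuePair<string, string>> Rows(Assembly asm)
    {
        var actions = asm.GetTypes().Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t))
            .SelectMany(t => t.GetMethods(BindingFlags.Instance | BindingFlags.Public)
                .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), true)
                            && !m.DeclaringType.IsAssignableFrom(typeof(Controller)))
                .Select(m => new { Type = t, Method = m }));
        foreach (var a in actions)
        {
            // Class-level and method-level attributes all run, so a caller must pass every one (AND);
            // within one attribute the comma-separated Roles are alternatives (OR).
            var filters = Attrs(a.Type).Concat(Attrs(a.Method)).ToList();
            var roleSets = filters
                .Select(f => f.Roles.Split(',').Select(r => r.Trim()).Where(r => r != "").ToList())
                .Where(s => s.Count > 0).ToList();
            var roles = filters.Count == 0 ? new List<string> { "(no [Authorize])" }
                : roleSets.Count == 0 ? new List<string> { "(any authenticated user)" }
                : roleSets.Aggregate((x, y) => x.Intersect(y).ToList());
            if (roles.Count == 0) roles.Add("(needs several roles at once)");
            var users = string.Join(";", filters.Select(f => f.Users).Where(u => u != ""));
            var name = a.Type.Name.Replace("Controller", "") + "." + a.Method.Name
                       + (users != "" ? " [users: " + users + "]" : "");
            foreach (var role in roles) yield return new KeyValuePair<string, string>(role, name);
        }
    }

    public static void Main()
    {
        foreach (var g in Rows(Assembly.GetExecutingAssembly()).GroupBy(r => r.Key).OrderBy(g => g.Key))
            Console.WriteLine(g.Key + ": " + string.Join(", ", g.Select(r => r.Value)));
    }
}
```

Because the class and method attributes are combined, `Create` is listed only under `assignment_edit` even though the controller also names `assignment_view`. Globally registered filters and custom filters that do not derive from `AuthorizeAttribute`, such as `RolesAuthenticationAttribute` above, are not reflected in the output.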