How to add "pass" parameter to custom attribute AuthorizeAttribute

Question

How to add "pass" parameter to custom attribute AuthorizeAttribute

I want to protect the action of the controller so that only users with the Administrator role can enter it.
I do not use a role / membership provider, all this is custom.
I have done it so far:

public class CustomAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { var isAuthorized = base.AuthorizeCore(httpContext); if (!isAuthorized) return false; string username = httpContext.User.Identity.Name; UserRepository repo = new UserRepository(); return repo.IsUserInRole(username, "Admin"); } }

Please note that I hardcoded "admin" here.
I want it to be dynamic.
This work now:

 [CustomAuthorize] public ActionResult RestrictedArea()...

But I want something like this:

 [CustomAuthorize(Roles = "Admin")] public ActionResult RestrictedArea()

+8

c # asp.net-mvc asp.net-mvc-3 custom-attributes

1110 Feb 23 '13 at 16:34

source share

1 answer

Zbigniew · Accepted Answer · 2013-02-23T16:35:50+0000

AuthorizeAttribute already has a Roles property that can be used for this purpose:

 public class CustomAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { var isAuthorized = base.AuthorizeCore(httpContext); if (!isAuthorized) { return false; } string username = httpContext.User.Identity.Name; UserRepository repo = new UserRepository(); return repo.IsUserInRole(username, this.Roles); } }

How to add "pass" parameter to custom attribute AuthorizeAttribute

More articles: