Based on ajbeaven's answer, I managed to extend it to a list of roles instead of a single role.
First, the Restrict class:
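/// <summary>
/// Deny-list authorization filter: the request is rejected when the current
/// user is in ANY of the configured roles, and allowed otherwise.
/// </summary>
/// <remarks>
/// This filter does not require an authenticated user. A principal that is in
/// none of the listed roles passes, so pair it with <c>[Authorize]</c> when the
/// action must not be reachable anonymously.
/// Because it is a deny-list, a role name that never matches (typo, stray
/// whitespace) silently allows access; prefer shared constants for role names.
/// </remarks>
public class Restrict : AuthorizeAttribute
{
    // Roles that are denied access. Entries are stored trimmed and non-empty.
    private List<string> _roles;

    /// <summary>Creates the filter with an empty deny-list (nobody is restricted).</summary>
    public Restrict()
    {
        _roles = new List<string>();
    }

    /// <summary>
    /// Comma-separated list of denied roles.
    /// </summary>
    /// <remarks>
    /// Intentionally hides the base <c>Roles</c> property (hence <c>new</c>):
    /// <see cref="AuthorizeCore"/> below does not call the base implementation,
    /// so the base allow-list is never consulted.
    /// </remarks>
    public new string Roles
    {
        get
        {
            if (_roles == null || _roles.Count == 0)
            {
                return "";
            }

            // Fix: the hand-rolled loop assigned (instead of appended) the last
            // role, so the getter returned only the final entry.
            return string.Join(",", _roles.ToArray());
        }
        set
        {
            _roles = new List<string>();
            if (value == null)
            {
                return;
            }

            foreach (string role in value.Split(','))
            {
                // Trim so "Role1, Role2" still matches "Role2"; an untrimmed
                // entry would never match and the restriction would not apply.
                string trimmed = role.Trim();
                if (trimmed.Length > 0)
                {
                    _roles.Add(trimmed);
                }
            }
        }
    }

    /// <summary>
    /// Returns <c>false</c> (deny) when the user is in any restricted role,
    /// <c>true</c> otherwise.
    /// </summary>
    /// <param name="httpContext">The current request context.</param>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }

        var user = httpContext.User;
        if (user == null)
        {
            // No principal to evaluate: fail closed instead of dereferencing null.
            return false;
        }

        foreach (string role in _roles)
        {
            if (user.IsInRole(role))
            {
                return false;
            }
        }

        return true;
    }
}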
Then add the AppRoles class to make the whole solution reusable:
/// <summary>
/// Central list of role names, so attributes reference one constant
/// instead of repeating string literals that can drift or be mistyped.
/// </summary>
public static class AppRoles
{
    // These must stay compile-time constants: they are concatenated inside
    // an attribute argument at the usage site.
    public const string Role1 = "Role1";

    public const string Role2 = "Role2";
}
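Usage (keep [Authorize] on the action as well: Restrict only rejects the listed roles and does not itself require an authenticated user):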
// [Authorize] requires a signed-in user; Restrict then rejects members of the
// listed roles. Restrict on its own lets any user outside those roles through.
[Authorize, Restrict(Roles = AppRoles.Role1 + "," + AppRoles.Role2)]
public ActionResult Index()
{
    return View();
}
Dzik