I use role manager and Windows authentication for my ASP.NET MVC project. We have 2 roles: viewers and editors.
<authentication mode="Windows" />
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <clear />
    <add applicationName="/"
         name="AspNetWindowsTokenRoleProvider"
         type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
The editor can access the entire application, but the viewer can only access two actions.
First I tried to set the Authorize attribute for the base controller, which allows the editor to access everything:
[Authorize(Roles = "Editors")]
public class BaseController : Controller
and then add the Authorize attribute for these two actions:
[Authorize(Roles = "Viewers,Editors")]
public ActionResult Report(PaymentsUnallocatedAndQueriedModel model)
It does not work: it does not allow the viewer to access any action, which makes sense now.
I believe that it is not recommended to repeat the Authorize attribute at the beginning of each action.
Could you tell me if there is a better solution for this?
Elham
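One way to keep an Editors-only default on the base controller while letting individual actions widen access, as an added example that is not part of the original post. Controller-level and action-level `[Authorize]` filters must both pass, which is why Viewers are rejected in the question. `DefaultAuthorizeAttribute` and `PaymentsController` are hypothetical names, and the model class is a stand-in for the one in the question.

```csharp
using System.Web.Mvc;

// Hypothetical name: a controller-level default that yields to an action's own [Authorize].
public class DefaultAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // IsDefined inspects attributes on the action method only, so the
        // controller-level instance of this filter is not counted here.
        bool actionHasOwnRule =
            filterContext.ActionDescriptor.IsDefined(typeof(AuthorizeAttribute), true);

        if (actionHasOwnRule)
        {
            // The action's attribute runs as a separate filter and makes the decision.
            return;
        }

        // No action-level rule: enforce the default roles set on the controller.
        base.OnAuthorization(filterContext);
    }
}

[DefaultAuthorize(Roles = "Editors")]
public class BaseController : Controller
{
}

// Hypothetical controller name; Report and its model type come from the question.
public class PaymentsController : BaseController
{
    // Replaces the controller default for this action, so list every allowed role.
    [Authorize(Roles = "Viewers,Editors")]
    public ActionResult Report(PaymentsUnallocatedAndQueriedModel model)
    {
        return View(model);
    }

    // No attribute here: falls back to the Editors-only default.
    public ActionResult Edit(int id)
    {
        return View();
    }
}

// Stand-in for the question's model so the example compiles.
public class PaymentsUnallocatedAndQueriedModel
{
}
```

Any action added later without its own attribute stays Editors-only, so access remains deny-by-default and each wider grant is visible on the action that receives it.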