AuthorizeAttribute Reuse
-
28-05-2021 - |
Question
I'm securing my MVC controllers with AuthorizeAttributes
. Is there a way to instantiate those classes on its own?
At the moment I have an AuthorizedAdmin
and a IsAdmin
class which does the same. So ideally the IsAdmin
should use the AuthorizedAdmin
class. Is there a way to do that?
I'm asking because the AuthorizedAdmin
is really simple:
[AttributeUsage(AttributeTargets.All, Inherited = true, AllowMultiple = true)]
public class AuthorizedAdmin : AuthorizeAttribute
{
public AuthorizedAdmin()
{
Users = ConfigurationManager.AppSettings["ADMIN_USERS"];
Roles = ConfigurationManager.AppSettings["ADMIN_GROUPS"];
}
}
on the other hand the IsAdmin
class is more complex and duplicates functionality.
Thanks
Solution
Sure, you can instantiate AuthorizeAdmin
and call OnAuthorization
on it. It will be messy to work with the AuthorizationContext
though. Why not flip this around... put your business logic in IsAdmin
and have AuthorizedAdmin
use that?
OTHER TIPS
Why do you need IsAdmin
? Why not just have a method called GetAdminRole()
that returns the role string from your AppSettings
and then use User.IsInRole(GetAdminRole())
?
You can then use GetAdminRole()
in your AuthorizedAdminAttribute
as well.