Question

I'm securing my MVC controllers with AuthorizeAttributes. Is there a way to instantiate those classes on its own?

At the moment I have an AuthorizedAdmin and a IsAdmin class which does the same. So ideally the IsAdmin should use the AuthorizedAdmin class. Is there a way to do that?

I'm asking because the AuthorizedAdmin is really simple:

[AttributeUsage(AttributeTargets.All, Inherited = true, AllowMultiple = true)]
public class AuthorizedAdmin : AuthorizeAttribute
{
    public AuthorizedAdmin()
    {
        Users = ConfigurationManager.AppSettings["ADMIN_USERS"];
        Roles = ConfigurationManager.AppSettings["ADMIN_GROUPS"];
    }
}

on the other hand the IsAdmin class is more complex and duplicates functionality.

Thanks

Was it helpful?

Solution

Sure, you can instantiate AuthorizeAdmin and call OnAuthorization on it. It will be messy to work with the AuthorizationContext though. Why not flip this around... put your business logic in IsAdmin and have AuthorizedAdmin use that?

OTHER TIPS

Why do you need IsAdmin? Why not just have a method called GetAdminRole() that returns the role string from your AppSettings and then use User.IsInRole(GetAdminRole())?

You can then use GetAdminRole() in your AuthorizedAdminAttribute as well.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top