MVC4 Authorize Attribute overide; how to get passed in Roles?

Question

I'm trying to create my own [Authorize] Attribute so I can use my own authorize logic to have hierarchal roles.

If someone does [Authorize(Roles = "Admin")] on a controller or action How do I get the string "Admin" in my AuthorizeCore function?

I'm using this code:

public class Authorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        //authorize role logic
            if (true)
                return true;

        return false;
     }
    }

MVC4, .net 4.5, c#, VS 2012

Answer 1

It is quit a common thing that you have faced with.

This recommendation in post should work in MVC4 as it is working in MVC 3: - ASP.NET MVC - Alternative to Role Provider?

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        bool isAdmin;
        if(Roles.Contains("Admin"))
           isAdmin = true;

        return isAdmin ;
    }

Answer 2

Roles is a public property. You should be able to do this:

public class Authorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {

        if(Roles.Contains("MyRole"))
           return true;

        return false;
    }
}

Or whatever it is that you need to do

Answer 3

If you need to get the list of allowed roles, you can simply get the Roles property. It will list the string that was specified in the attribute decoration.

public class Authorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var allowedRoles = Roles;
    }
}

You can see this on the AuthorizeAttribute definition