Question
In order to authorize a controller for a particular role, following attribute is required on the controller class:
https://stackoverflow.com/questions/15998385
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian[Authorize(Roles = "SampleRole")]
This requires role name to be hard-coded on the Controller and does not seem to be a flexible solution. My question is that, it is possible to specify value for that role in the web.config and using that key in the controller?
<appSettings>
<add key="SampleRoleKey" value="SampleRole" />
...
</appSettings>
And in the controller,
[Authorize(Roles = "SampleRoleKey")]
Another question is that, can we use strongly typed role to authorize the controller?
Solution
Use a static class with public const-s:
public static class Roles
{
public const string SampleRoleKey = "SampleRole";
}
Create a custom MyAuthorizeAttribute derived from AuthorizeAttribute to have a property which can handle an array of strings and then:
[MyAuthorize(MyRoles = new[]{ Roles.SampleRoleKey }]
