I have made an AuthorizeAttributeBase
to extend AuthorizeAttribute
.
It looks like this:
public abstract class MyAuthorizeAttribute : AuthorizeAttribute
{
//Holds the roles allowed to perform the action.
public IEnumerable<string> roles { get; set; }
/// <summary>
/// Authorizes if the current user may perform the action
/// </summary>
/// <param name="httpContext">Unused - included for override purposes.</param>
/// <returns>true if authorized.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
//Return true if user is in the action allowed roles.
if (IsUserInRole)
{
return true;
}
else
{
HttpContext.Current.Response.StatusCode = 401;
return false;
}
}
/// <summary>
/// Checks if the user is member of a role that is allowed by the authorization
/// </summary>
public bool IsUserInRole
{
get
{
if (roles != null)
{
//Check if any of the roles in the session is in the list of roles of the authorization
return (MySessionGetter.GetSession().Roles.Intersect<string>(roles).Any());
}
//If none of the roles match return false.
return false;
}
}
/// <summary>
/// Sets the allowed roles of the authorization
/// </summary>
/// <param name="userRoles">Allowed roles</param>
public void AlowedRoles(IEnumerable<string> userRoles)
{
roles = userRoles;
}
I keep the allowed rolenames like this:
/// <summary>
/// Holds the role names.
/// </summary>
public static class UserRoles
{
public static string Administrators = "Administrators";
public static string Teachers= "Teachers";
}
And use my base like this:
/// <summary>
/// Authorization for the access to the SomeAction
/// </summary>
public class AuthorizeAccessToSomeActionAttribute : MyAuthorizeAttribute
{
public AuthorizeAccessToSomeActionAttribute()
{
AlowedRoles(new List<string> { UserRoles.Adminstrators,
UserRoles.Teachers });
}
}
And last but not least the controller:
/// <summary>
/// The main Index view of application
/// </summary>
/// <returns>Application Index views</returns>
[AuthorizeAccessToSomeAction]
public ActionResult Index()
{
return View("Index");
}
Now what I want to do is make the index switch return value on base of the AuthorizeAttribute
s.
Lets say Teachers to the TeachersIndex()
and Administrators to the AdministratorsIndex()
.
I tried adding this to the base:
//Checks if the current user is authorized.
public bool IsAuthorized()
{
return AuthorizeCore(new HttpContextWrapper());
}
But I end up having to create new AutorizeAttribute
s every time.
Making it static
seemed to give me even more problems.
Is there a correct way of going about this?
Solved it. :)
The OnAuthorization
override got me a new lead.
Found this question.
I put the redirects in a Dictionary<string, RedirectToRouteResult>
because I like the idea of keeping all role strings in one place instead of filling up my controllers with magic strings.
public static Dictionary<string, RedirectToRouteResult> HomeRedirect
{
get
{
return new Dictionary<string, RedirectToRouteResult> {
{"Administrators", new RedirectToRouteResult(
new RouteValueDictionary { { "action", "AdministratorIndex" }, { "controller", "MyController" }})},
{"Teacher", new RedirectToRouteResult(
new RouteValueDictionary { { "action", "TeacherIndex" }, { "controller", "MyController" }})}
};
And the override HandleUnauthorizedRequest
looks like this now:
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
filterContext.Result = UserRoles.HomeRedirect
.SingleOrDefault(m => m.Key == MySessionGetter.GetSession().Roles.First()).Value;
}