发表新帖
发表新帖

How to write AuthorizeAttribute if a role contains space

后端 未结
关注
3 1298
囚心锁ツ
囚心锁ツ 2021-01-05 17:21

I am using MVC3/4. But it is just a general question in authorization.

One of the role I have is named \"Trip Leader\" in the database, which contains a space.

相关标签:
3条回答
  • 梦如初夏
    2021-01-05 17:52

    I could not get the other answers to work. My roles had commas in them and wouldn't work with the original AuthorizeAttribute.

       //Custom Authorize class that derives from the existing AuthorizeAttribute
    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {

        private string[] _allowedRoles;

        public CustomAuthorizeAttribute(params string[] roles)
        {
            //allowed roles
            _allowedRoles = roles;
        }
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var roleManager = httpContext.GetOwinContext().Get<ApplicationUserManager>();
            //Grab all of the Roles for the current user
            var roles = roleManager.GetRoles(httpContext.User.Identity.GetUserId());
            //Determine if they are currently in any of the required roles (and allow / disallow accordingly) 
            return _allowedRoles.Any(x => roles.Contains(x));
        }
    }
    0 讨论(0)
  • 时光取名叫无心
    2021-01-05 18:06

    Create your own attribute and derive from AuthorizeAttribute. Then override the AuthorizeCore method and implement your own logic with validation on a role that contains a space.

    An example could be something like this:

    public class CustomAuthAttribute : AuthorizeAttribute
{
   private readonly IUserRoleService _userRoleService;
   private string[] _allowedRoles;

   public CustomAuthAttribute(params string[] roles)
   {
      _userRoleService = new UserRoleService();
      _allowedRoles = roles;
   }
   protected override bool AuthorizeCore(HttpContextBase httpContext)
   {
    //something like this.
    var userName = httpContext.User.Identity.Name;
    var userRoles = _userRoleService .GetUserRoles(userName); // return list of strings
    return _allowedRoles.Any(x => userRoles.Contains(x));
   }

    }

    Usage

    [CustomAuth("role withspace","admin")]
public ActionResult Index()
{
}
    0 讨论(0)
  • 时光说笑
    2021-01-05 18:09

    Try this:

    [Authorize(Roles="Trip Leader")]
[Authorize(Roles="Administrator")]

    EDIT: The above code requires the user to fulfill both roles. If you are looking for an either/or authorization, try this:

    [Authorize(Roles="Trip Leader, Administrator")]
    0 讨论(0)
 看不清?
提交回复
热议问题