views:

68

answers:

1

I am currently hard coding the authorized roles in the filter in my MVC applications like so:

[Authorize(Roles = "Administrator,Manager")]

I'd like to eventually have a way to map the roles to each controller, so that the site admin can handle assigning what roles can perform each set of actions.

string roles = DoSomethingToGetAllowableRoles(controllerName);

[Authorize(Roles = roles)]

I'm imagining that I need to have a database table that somehow keeps a listing of each controller, and then another table mapping the controllers to the roles. What I'd like is a page where I can list out each controller and then have a set of check boxes that lists each role that applies to that controller.

anyone have an example or can lead me in a direction that will accomplish this?

+4  A: 

You're going to need to write your own authorization filter (probably by extending the built in one).

The reason for this is that you can't assign attribute parameters dynamically like that.

You won't need to mess with the MVC source code - you just need to create a class which inherits from System.Web.Mvc.AuthrorizeAttribute, override AuthorizeCore, and then use your attribute in place of the default:

public class CustomAuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Put your custom logic here, returning true for success and false for failure,
        // or return base.AuthorizeCore(httpContext) to defer to the base implementation
    }
}
Bennor McCarthy
I suppose that's part of what I was trying to find out - if it's possible without messing with the MVC source code...thanks!
Ben
It's not as difficult as you might think. I've given an example.
Bennor McCarthy