C# - Extend AuthorizeAttribute And Check The User's Roles?
Feb 25, 2011
I am busy writing my own custom attribute for my action method called MyAuthorizeAttribute, I am still busy writing the code, here is my partial code:
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class MyAuthorizeAttribute : AuthorizeAttribute
{
public new Role Roles;
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (Roles != 0) // Did it this way to see what the value of Roles was
return;
// Here I am going to get a list of user roles
// I'm doing my own database calls
filterContext.Result = new HttpUnauthorizedResult();
}
}
Here is my Role enum:
public enum Role
{
Administrator = 1,
SuperAdministrator = 2
}
My action method:
[MyAuthorize(Roles = Role.Administrator|Role.SuperAdministrator)]
public ActionResult Create()
{
return View();
}
The reason why I did not use Roles = "Administrator,SuperAdministrator" was because the roles are hard-coded. I don't want to have a 100 places to change if the role name changes.
Given my method, when it gets to if (Roles != 0) then Roles total value is 3, how would I check to see if these 2 roles is in the list of user roles for a specific user?
Am I doing it correct here? If not how would I otherwise implement this? It doesn't have to be the way that I did it in.
View 2 Replies
Similar Messages:
Jun 12, 2010
How to extend a compareValidator so i can check, if user has written some text in ControlToValidate then he must write some text in ControlToCompare too.
View 1 Replies
Jan 25, 2011
I'm securing an ASP.NET MVC 2 application, and I have a user who is in the role "Foo".
This is true:
User.IsInRole("Foo")
But yet, when I attempt to lock down a controller action like the following, the user is denied:
[Authorize(Roles = "Foo")]
public ActionResult PrivatePage()
{
return View();
}
If IsInRole reports true, why would the Authorize attribute not allow the user in?
View 2 Replies
Feb 24, 2011
Let's say I have a rolegroup as follows:
<asp:LoginView ID="lvDoSomeStuff" runat="server">
<RoleGroups>
<asp:RoleGroup Roles="RoleOne,RoleTwo">
<ContentTemplate>
...
</ContentTemplate>
</asp:RoleGroup>
</RoleGroups>
</asp:LoginView>
Is there a way I can make it so that a user must meet RoleOne and RoleTwo to satisfy the RoleGroup? By default, if a user is in either of the two roles, they will be granted access. I know I can do this via the code-behind, but I'd prefer to be able to wrap some content template with this markup instead of having to wrap it in a panel and hide the panel programmatically.
View 1 Replies
Aug 12, 2010
i have a WebUserControls with 2 file : UCTMyControl.ASCX and UCTMyControl.ASCX.CS
In file UCTMyControl.ASCX.CS i have 1 virtual method Example: Virtual void Hello();
and now in Page example : MyPage.aspx and MyPage.aspx.cs
i want override method Hello() above in Web User Controls
how can i do ?
View 2 Replies
Jul 30, 2010
I'm not talking about asp.net membership.
For each logged user I want to cache some properties like status or the number of friend requests, from the db.
I can create custom class which would do it but I thought it will be better to extend the existing User.Identity property. Something like this:
Label1.Text = User.Identity.Status;
View 2 Replies
Feb 21, 2010
[Code]....
Is the best or only way to check if member has any roles at all, ak zero roles ?
View 1 Replies
Aug 31, 2010
I'm trying to create a user control class that extends Panel. Essentially, what I want to do is to have a panel that fires off an event whenever it's clicked upon.
So, I create something like this:
[Code]....
And then, in the ClickPanel.ascx.cs file:
[Code]....
I'm not exactly sure whether this would work as I haven't had the opportunity to test it yet.
The problem is that I can't have a class inherit from Panel. Creating a user control class requires that my class extend User Control - at least that's what the error messages have been saying up until now. The problem is that if I do extend it from the base class of UserControl then I lose all the functionality of the Panel itself and the entire thing is rendered pointless.
View 1 Replies
Dec 8, 2010
I have modal popup extender with two buttons called continue and cancel within it.I get this popup warning when session is going to expire.When I click cancel button it should logout me and when I click continue button it should extend my session for next 20 minutes. Both button gets trigered when I click them.Problem is that when I click continue button it should extend session for another 20 minutes and alert should disapper.That doesn't work.
[Code]....
View 2 Replies
Feb 8, 2010
I've got an MVC 1.0 View that is more-or-less an attempt at reproducing WSAT.
On the Security->Manage Users page there's a column of checkboxes for "Active" for each user. Also when clicking the 'Edit roles' link a set of roles shows up in the Roles column of the table.
I'm using the standard SQL based Membership and Role providers that come out of the ASP.NET box.
For some reason, when I run the app from VS2008 all is well and I can update the Active and Roles values. However, when I deploy to a remote server, either my test server or in production, the checkboxes don't update the databse. Note that the links for 'Edit user', 'Delete user' work fine. I can create a new user or delete a user with no problems in any of the deployed locations. Also the 'Edit roles' link also works fine in that it brings up the list of all possible roles and shows which roles the user is in. The problem is specifically with the Checkboxes.
Interesting to note is that the JavaScript alert() (see below) does fire when clicking on any of the Role checkboxes. However, although the box is checked, the database is not updated on the any but VS2008 Casini. The database connection string is not changed on any of the execution sites which are running SQL 2008. IIS 7 on one deployed server (an ISP) and 7.5 on the other my in-house test server.
Here's the code I'm using to create the Roles portion of the page:
[Code]....
View 3 Replies
Feb 26, 2014
i need a script on ASP.net that can build this form.
1.Users === Drop Down Menu then in the Drop down should be the names of all Taafoo staff.
View 1 Replies
May 7, 2015
In Below link show to how to Imaplement role based security, Page access and show / Hide Menu items based on Role in asp.net
[URL]
But My Questions is How to Register Admin and Client user?
View 1 Replies
Nov 22, 2010
There are 10 check boxes in one page. How to code to allow user only check one?
View 1 Replies
Nov 22, 2010
There are 10 check boxes in one page. How to code to allow user only check one?
View 2 Replies
Apr 3, 2010
I'm developing a web application I want to use the role authentication to control different parts of the website accessibility. But my problem is say I implemented a upload and download functionality on one of the page and I want to have the ability to control a user whether they can either upload or download; or both. So, I'm not exactly sure if the role base authentication can support a user with more than one role to work the way I want it.
View 1 Replies
Jan 28, 2011
What is the most straight forward way to use AuthorizeAttribute and JsonResult together so that when the user is not authorized the application returns a Json error rather than a log in page?The two things I am currently considering are extending AuthorizeAttribute or just making a new attribute that implements IAuthorizationFilter.
View 1 Replies
Aug 11, 2010
I am baffled, I am using a treeview to set the source of an iframe. The web page is being displayed correctly, but User.IsInRole("roleName"), in the code behind, always returns false. The strange thing is User.Identity.Name returns the correct user name. I have tried setting the target of the tree view nodes to "_blank" and to "_self" and still no luck. So, it doesn't appear that the problem is related to the iframe.Before the treeview was added, javascript was used to set the source for the iframe and User.IsInRole returned the correct values.
View 4 Replies
Sep 6, 2010
I am not sure is there any other way to add User for my application othe than using Asp.net Website admistration tool??
View 1 Replies
Oct 12, 2010
I'm writing an MVC app that is a front-end for an existing system with it's own authentication process. I want to mimic the behavior of forms authentication with the [Authorize] attribute redirecting to a log-on page, but the logged in status is handled completely by API calls to the backend system. What do I need to do for ASP.NET MVC to recognize a user as "authenticated" if I'm not using the Forms authentication system?
View 3 Replies
Apr 24, 2010
I have a database where i want to log my user into and for this issue i want to customize the AuthorizeAttribute i am wrong ?? have some easier way to do it ??
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
// the "new" must be used here because we are overriding
// the Roles property on the underlying class
public new Authorization.SiteRoles Roles;
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");
string[] users = Users.Split(',');
if (!httpContext.User.Identity.IsAuthenticated)
return false;
int found = Convert.ToInt32(httpContext.Session["role"]);
return Authorization.CheckRolesCompliance(Roles);
}
}
ERROR: 'CustomAuthorizeAttribute.AuthorizeCore(System.Web.HttpContextBase)': no suitable method found to override
View 4 Replies
Nov 26, 2010
I Create my won Authorize Attribute. Thats work great in the controller. How can I use it in the view.
Example : I have a manage user link, If you haven't access to this page, I don't want to show the link.
Here is my Authorize Attribute.
public class UserAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext.Session["UserID"] == null)
[Code]....
View 1 Replies
Jun 3, 2010
I thought about creating a custom AuthorizeAttribute that will prevent logged in users calling a action ( [UnAuthorized] so to speak)
Tried creating a custom AuthorizeAttribute and override the AuthorizeCore method, but not sure this is the right approach.
(does not work anyhow...get an error telling me "no suitable method found to override")
[Code]....
View 7 Replies
May 7, 2015
What if, I'm not using the LOGIN CONTROL but rather creating a Custom Control for Login. Is it possible to have user roles and a site map that redirects to its own destination when the user login?
View 1 Replies
Jan 11, 2010
Im now in assigning a roles to a user. But, 1 of my user wants me to assign 2 roles for him.. The situasion is like this :
I have a few roles which are :
- zone head
-zone officer
-clerk
The problem is now 1 person can be assign for 1 role only..
How can i assign 2 roles for 1 user..
View 4 Replies
Aug 24, 2010
I have setup ASP security in my application. I used the following tutorial, just wondering if someone can tell me how i can setup this up to allow the creation of a user?
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx
where to find or what to search on to find some example of how to add the option for adding users?
I have the above setup and its working, but only because of the accounts i created with my global.asax file.
I need to give the admins access to add a new user. Currently i can search on existing users and update them, but need to add the ability to add a new user.
View 4 Replies
