ASP.NET MVC Authorize user with many roles

Herno Published at Dev

Herno

I need to authorize a Controller in my ASP.NET MVC application to users which have two roles. I am using Authorize attribute like this:

[Authorize(Roles = "Producer, Editor")]

But this allows Producers and Editors to the controller. I want only to allow users having both roles, not just one of them.

How could i achive this?

Molomby

As the question states, when multiple roles are given in a single Authorize() call they are applied such that if the user belongs to any of the roles listed they will be granted access; like a logical OR operator.

Alternatively, to achieve the effect of a logical AND operator you can apply the Authorize attribute multiple times. Eg..

[Authorize(Roles = "Producer")]
[Authorize(Roles = "Editor")]
public ActionResult Details(int id) {
    // Only available to users who are Producers AND Editors
}

For the example above, the action body is accessible only to users who belong to the Producer and the Editor roles.

Rudi points out in the comments this lets you create some reasonably complex access rules without needing to implement a custom AuthorizeAttribute. For example, in the code below users can execute the action if they are both: a) in the Enabled role and b) in either the Editor or Admin roles.

[Authorize(Roles = "Enabled")]
[Authorize(Roles = "Editor,Admin")]
public ActionResult Details(int id) {
    // Only available to users who are Enabled AND either an Admin OR an Editor
}

I'm not sure which version brought this in but it works in at least MVC 4 and 5.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2020-10-21

Comments

0 comments

TOP Ranking

Article

ASP.NET MVC Authorize user with many roles

ASP.NET MVC Authorize user with many roles

Failed to listen on localhost:8000 (reason: Cannot assign requested address)

Loopback Error: connect ECONNREFUSED 127.0.0.1:3306 (MAMP)

How to import an asset in swift using Bundle.main.path() in a react-native native module

pump.io port in URL

Compiler error CS0246 (type or namespace not found) on using Ninject in ASP.NET vNext

BigQuery - concatenate ignoring NULL

ngClass error (Can't bind ngClass since it isn't a known property of div) in Angular 11.0.3

ggplotly no applicable method for 'plotly_build' applied to an object of class "NULL" if statements

Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

How to remove the extra space from right in a webview?

java.lang.NullPointerException: Cannot read the array length because "<local3>" is null

Jquery different data trapped from direct mousedown event and simulation via $(this).trigger('mousedown');

flutter: dropdown item programmatically unselect problem

How to use merge windows unallocated space into Ubuntu using GParted?

Change dd-mm-yyyy date format of dataframe date column to yyyy-mm-dd

Nuget add packages gives access denied errors

Svchost high CPU from Microsoft.BingWeather app errors

Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

12.04.3--- Dconf Editor won't show com>canonical>unity option

Any way to remove trailing whitespace *FOR EDITED* lines in Eclipse [for Java]?

maven-jaxb2-plugin cannot generate classes due to two declarations cause a collision in ObjectFactory class

Any way to remove trailing whitespace FOR EDITED lines in Eclipse [for Java]?