c# - Multiple Authorization attributes on method

Question

Welcome To Ask or Share your Answers For Others

c# - Multiple Authorization attributes on method

posted Oct 17, 2021 in Technique[技术] by 深蓝 (71.8m points)

c# - Multiple Authorization attributes on method

I'm having trouble specifying two separate Authorization attributes on a class method: the user is to be allowed access if either of the two attributes are true.

The Athorization class looks like this:

[AttributeUsage(AttributeTargets.All, AllowMultiple = true)]
public class AuthAttribute : AuthorizeAttribute {
. . .

and the action:

[Auth(Roles = AuthRole.SuperAdministrator)]
[Auth(Roles = AuthRole.Administrator, Module = ModuleID.SomeModule)]
public ActionResult Index() {
    return View(GetIndexViewModel());
}

Is there a way to solve this or do I need to rethink my approach?

This is to be run in MVC2.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-17T00:32:03+0000

There is a better way to do this in later versions of asp.net you can do both OR and AND on roles. This is done through convention, listing multiple roles in a single Authorize will perform an OR where adding Multiple Authorize Attributes will perform AND.

OR example

[Authorize(Roles = "PowerUser,ControlPanelUser")]

AND Example

[Authorize(Roles = "PowerUser")]
[Authorize(Roles = "ControlPanelUser")]

You can find more info on this at the following link https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles

Categories

c# - Multiple Authorization attributes on method

c# - Multiple Authorization attributes on method

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags