Change role permissions in ASP .NET MVC - c#

I am working on ASP .NET MVC 5 web application. I am using
[Authorize(Roles="administrator")]
public class MyController:Controller{}
Is there a way to dynamically add new authorized roles for the controller? For example, retrieve this information from a database or something similar, so it would be like the following:
[Authorize(Roles=db.MyControllerRoles)]
public class MyController:Controller{}

This role configuration is static. However there is nothing preventing you from writing your own authorization filter where you can do whatever you want. You need to implement interface IAuthorizationFilter.
I have done things like this in several projects and it's working fine.
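
A sketch of such a filter, added here as an example and not part of the original answer: it derives from AuthorizeAttribute (which already implements IAuthorizationFilter) instead of implementing the interface from scratch, so the built-in output-cache handling is kept. IRolePolicyStore, DynamicRolesAttribute and the "MyController" key are hypothetical names; the store is assumed to be registered with the MVC dependency resolver.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical store: maps a resource key to the role names kept in the database.
public interface IRolePolicyStore
{
    IReadOnlyCollection<string> GetRolesFor(string resourceKey);
}

// Hypothetical attribute; AuthorizeAttribute already implements IAuthorizationFilter.
public sealed class DynamicRolesAttribute : AuthorizeAttribute
{
    private readonly string _resourceKey;   // constant per usage, safe to keep in a field
    public DynamicRolesAttribute(string resourceKey)
    {
        if (string.IsNullOrWhiteSpace(resourceKey))
            throw new ArgumentException("A resource key is required.", "resourceKey");
        _resourceKey = resourceKey;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        // Resolve the store on every request: MVC may reuse attribute instances,
        // so nothing request-specific is cached in this object.
        var store = DependencyResolver.Current.GetService<IRolePolicyStore>();
        var roles = store == null ? null : store.GetRolesFor(_resourceKey);
        // Fail closed: no store or no configured roles means access is denied.
        return roles != null && roles.Count > 0 && roles.Any(user.IsInRole);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Authenticated but not permitted: answer 403 rather than bouncing to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

[DynamicRoles("MyController")]
public class MyController : Controller { }
```

If the store caches its lookups, keep the expiry short so that a role removed in the database stops granting access promptly.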

Related

How to look up information based Azure AD User in ASP.NET Core MVC App

I use Azure Authentication in ASP.NET Core MVC and would like to lookup information based on this and use it in the whole app.
Edit:
What I basically want can be described as follows:
1. The user logs in with Azure Auth
2. The app extracts the preferred_username
3. An object is created that uses preferred_username to look up more information from the database
4. This object can be used for DI in order to
   - create an IAuthorizationRequirement in order to use [Authorize(Policy = ("IsRequirementBasedOnLookedUpInformation"))]
   - be used in the views, for example to hide HTML code in Razor like this: @if (Object.IsRequirementBasedOnLookedUpInformation)
End Edit
Authentication is set up like this:
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureB2C"));
This allows me to use the ClaimsPrincipal User throughout the whole application.
Now I want to look up some information in a database and make it available for the whole app.
public class UserWithPhoneNummer (dbContext _dbc, ClaimsPrincipal cp)
{
    // do stuff with cp.Identity.Name and so on
}
Then I would like to inject it via DI in a controller like this
public CashFlowAnalysisController(dbContext _dbc, UserWithPhoneNummer _uwpn)
{
dbc = _dbc;
uwpn = _uwpn;
}
I've found plenty of tutorials and guides, but these all aim at scenarios with EF Core and sophisticated user management.
When I try the IUserClaimsPrincipalFactory I get an error:
services.AddScoped<Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory<mvcUser>,UserClaimsPrincipalFactory>();
Unable to resolve service for type 'Microsoft.AspNetCore.Identity.UserManager`1[Mvc.Models.mvcUser]' while attempting to activate 'Mvc.Authorization.UserClaimsPrincipalFactory'.
I am happy to share more code, if needed and would be grateful for any pointers on how to achieve this.

Register controller in all apps that use an assembly

Is this possible to achieve?
I want to make a library (let's call it Foolib) that will automatically add an MVC controller with a fixed route to all MVC applications that have a dependency on Foolib.
Foolib is to be used in several intranet applications that we are developing, and I want to make sure that all applications that use Foolib have a standard ability to receive a configuration object.
In Foolib there will be a controller something like:
public class FooController
{
    // Receives the configuration object posted to the fixed route.
    [Route("/Foo")]
    public void Post(object obj)
    {
    }
}
Would it be possible to register the controller automatically to all web applications that use Foolib?
Normally the calls to register controllers are made in the Startup class. How would I hook in this extra controller, hopefully without having to burden the other MVC application developers with a "just add this line to your startup" solution?
According to the docs
"By default MVC will search the dependency tree and find controllers (even in other assemblies)."
So it should just work.

block Invoking class method based on user role asp.net mvc 3

I'm creating my first ASP.NET MVC 3 app and I have a problem with creating class instance based on user role.
I have a class called Account, and it contains information about user accounts and a few methods which allow me to manipulate (update) user account information, for example ChangeNickName, AddToGroup, RemoveFromGroup, Ban and so on.
As you can see, the problem with these methods is that I don't want to allow anyone to use the AddToGroup or Ban method, but only users with a specified role (I'm using the ASP.NET default role implementation system).
So I wonder, is there a way I could add the attribute [Authorize(Roles = "Admin")] to my AddToGroup method just like I use it on controller methods?
I know that with proper implementation of controllers I don't need something like this, but I want to make sure that I don't allow anyone to make an instance of the class (or use specified methods by accident) if the user is not part of the specified role.
So, for example, if I by accident add access to the AddToGroup method in the user controller, I would still be able to prevent them from exploiting the bug because of the attribute attached to this method.
If I can't solve this problem with attributes, is there a way to make VS block me from debugging the application if I make a call to the AddToGroup method from xy class?
If you have any ideas how to make this work, I'm open to suggestions.
Thanks in advance.
You should probably use the AuthorizeAttribute, however you can check the role of a current user in code using Roles.UserIsInRole.
There's a little info on this in MVC here (the assembly seems to have changed between 3.5/4.0):
asp.net mvc -> Roles.IsUserInRole(username,role)

Custom Attribute in ASP.NET for Page_Load

I have an ASP.NET 3.5 Site where, in some places, I am checking if the currently logged on Active Directory user is in a certain AD Security Group. In the Page_Load I'm doing something like this:
if (isInADGroup(UserGUID))
{
//proceed
}
Now I was wondering, couldn't I just create a Custom Attribute, like some of MVC's security attributes, which runs this check and cancels the execution or displays an error message?
Not sure about an attribute but you could always create a custom page that handles this inheriting from System.Web.UI.Page and use this as the base class for your web forms.

ASP.NET MVC 2 "RequiresRole" attribute does not work

I'm developing an ASP.NET MVC 2 web application. So far, I managed to define access rules for every controller function, using the "RequiresRole" attribute.
Suddenly, this way of defining access rules stopped working (now every user can invoke any of the controller methods). :S. I tried debugging, and it seems that user-roles are correct. I tried reviewing web.config, but did not find anything suspicious.
Don't know what else could be the problem.
Any ideas??
RequiresRoleAttribute is intended for use on WCF domain data services, not MVC controllers. I believe the attribute you should use is AuthorizeAttribute, setting the Roles parameter.
