MVC configure Authorize Roles value and strongly typed role

Question

In order to authorize a controller for a particular role, following attribute is required on the controller class:

[Authorize(Roles = "SampleRole")]

This requires role name to be hard-coded on the Controller and does not seem to be a flexible solution. My question is that, it is possible to specify value for that role in the web.config and using that key in the controller?

<appSettings>
    <add key="SampleRoleKey" value="SampleRole" /> 
    ...
</appSettings>

And in the controller,

[Authorize(Roles = "SampleRoleKey")]

Another question is that, can we use strongly typed role to authorize the controller?

Peter Kiss · Accepted Answer · 2013-09-27T10:50:36.500

4

Use a static class with public const-s:

public static class Roles
{
    public const string SampleRoleKey = "SampleRole";
}

Create a custom MyAuthorizeAttribute derived from AuthorizeAttribute to have a property which can handle an array of strings and then:

[MyAuthorize(MyRoles = new[]{ Roles.SampleRoleKey }]

edited Sep 27 '13 at 10:50

answered Apr 14 '13 at 11:16

Peter Kiss

9,309
2
23
38

thanks, that was helpful. i found another solution using enums [here](http://stackoverflow.com/questions/2828444/non-string-role-names-in-asp-net-mvc) – user1014639 Apr 18 '13 at 15:32
1

Sorry i've fixed the answer (it is just an example). – Peter Kiss Sep 27 '13 at 10:50
@user1014639 - that was so helpful you couldn't give Peter Kiss an vote? – Mason240 Oct 30 '13 at 16:03

MVC configure Authorize Roles value and strongly typed role

1 Answers1