Authorization MVC

Question

I have a controller with an Authorize attribute on it that accepts users for the Worker role:

[Authorize(Roles = "Worker")]
public class AuthorizedController : Controller

The rest of the controllers inherit from this controller.

In one of my controllers I want to give access to authorized users that is not in any role for some actions. Is there a way to inherit from AuthorizedController and yet give access to some of the inherited controller actions for users that are not in the worker role?

Have you considered using XACML in your MVC app? – David Brossard Nov 15 '13 at 15:50 — David Brossard, Nov 15 '13 at 15:50

score 0 · Answer 1 · answered Nov 15 '13 at 16:47

0

Try to put the [Authorize] on the controller and the [Authorize(Roles = "Worker")] on the Action, so you can control better the authorization.

answered Nov 15 '13 at 16:47

theLaw

1,261
2
11
23

Authorization MVC

1 Answers1