Change role permissions in ASP .NET MVC

Question

I am working on ASP .NET MVC 5 web application. I am using

[Authorize(Roles="administrator")] public class MyController:Controller{}

Is there a way to dynamically add new authorized roles for the controller? For example retrieve this information from database or something similar, so it be like the following

[Authorize(Roles=db.MyControllerRoles)] public class MyController:Controller{}

@gldraphael I need to give a user an ability to change the list of roles who can perform some actions. Lets say admin decided to give one role some more permissions etc... But without redeploying the entire application — Vitalii Kalinin, Feb 18 '15 at 20:31

score 5 · Accepted Answer · answered Feb 18 '15 at 20:19

This role configuration is static. However there is nothing preventing you from writing your own authorization filter where you can do whatever you want. You need to implement interface IAuthorizationFilter.

I have done things like this in several projects and it's working fine.

Change role permissions in ASP .NET MVC

1 Answers1