-1

I'm securing my MVC controllers with AuthorizeAttributes. Is there a way to instantiate those classes on its own?

At the moment I have an AuthorizedAdmin and a IsAdmin class which does the same. So ideally the IsAdmin should use the AuthorizedAdmin class. Is there a way to do that?

I'm asking because the AuthorizedAdmin is really simple:

[AttributeUsage(AttributeTargets.All, Inherited = true, AllowMultiple = true)]
public class AuthorizedAdmin : AuthorizeAttribute
{
    public AuthorizedAdmin()
    {
        Users = ConfigurationManager.AppSettings["ADMIN_USERS"];
        Roles = ConfigurationManager.AppSettings["ADMIN_GROUPS"];
    }
}

on the other hand the IsAdmin class is more complex and duplicates functionality.

Thanks

duedl0r
  • 9,289
  • 3
  • 30
  • 45

2 Answers2

2

Why do you need IsAdmin? Why not just have a method called GetAdminRole() that returns the role string from your AppSettings and then use User.IsInRole(GetAdminRole())?

You can then use GetAdminRole() in your AuthorizedAdminAttribute as well.

Erik Funkenbusch
  • 92,674
  • 28
  • 195
  • 291
  • The IsAdmin also has a user list to handle.. `users.Split(',').MatchUser...`. Hmm..but I think about your hint.. probably not bad even with user stuff.. thx – duedl0r Apr 03 '12 at 16:13
1

Sure, you can instantiate AuthorizeAdmin and call OnAuthorization on it. It will be messy to work with the AuthorizationContext though. Why not flip this around... put your business logic in IsAdmin and have AuthorizedAdmin use that?

Robert Levy
  • 28,747
  • 6
  • 62
  • 94
  • Yeah, maybe it's better not to force something. The reason I didn't want that was that the AuthorizedAdmin code is really simple. Didn't want to delete it :) or replace it with more complex code... – duedl0r Apr 03 '12 at 16:09