
MVC4 role based controller's action access


I want to build a registration system where, while adding a user, you can select the type of role to give to him/her. Depending upon the role, it would be decided whether certain actions in a controller can be accessed or not.

For example, let's say there are two roles, admin and developer. Having something like the code below would only allow users with the admin role to access the following action.

[Authorize(Roles = "admin")]
public ActionResult CreateUser()
{
   return View();
}

As far as I know I have to implement my custom RoleProvider or IPrincipal? I tried to find some examples of that but didn't quite get what I'm looking for. Here is what my RegisterModel currently looks like:

using System;
using System.ComponentModel.DataAnnotations;

public class RegisterModel
{
    // Must be a property (not a field) for model binding and key mapping.
    [Key]
    public Guid Id { get; set; }

    [Required]
    [Display(Name = "First Name")]
    public string FirstName { get; set; }

    [Required]
    [Display(Name = "Last Name")]
    public string LastName { get; set; }

    [Required]
    [Display(Name = "Email Id")]
    [DataType(DataType.EmailAddress)]
    public string EmailId { get; set; }

    [Required]
    [Display(Name = "User name")]
    public string UserName { get; set; }

    [Required]
    [Display(Name = "Password")]
    [DataType(DataType.Password)]
    public string Password { get; set; }

    [Required]
    [Display(Name = "Confirm Password")]
    [DataType(DataType.Password)]
    public string ConfirmPassword { get; set; }

    // Role assigned to the user at registration time.
    [Required]
    [Display(Name = "Role")]
    public UserRole Role { get; set; }
}

public class UserRole
{
    [Key]
    public int RoleId { get; set; }

    public string RoleName { get; set; }
}

Thing is I want the role to be decided when adding a user and use the Custom Authorize attribute. Any article or blog that anyone knows that can solve my issue? Or any suggestions, how to do it?


Solution

  • Recently I implemented role authorization without using the Membership provider. Thought this might help you. I have a database table with UserName, Password and a Role, and I needed to check the role against the database.

    Below is my custom RoleFilter class.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.Mvc;
    
    namespace MvcApplicationrazor.Models.ActionFilters
    {
        public class RoleFilter : ActionFilterAttribute
        {
            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {
                // GetCurrentUserRole() is not shown here; it returns the current user's role from the database.
                if (GetCurrentUserRole() != "Admin") // Check the role against the database value
                {
                    filterContext.Result = new RedirectResult("~/Redirect/NoPermission");
                    return;
                }
            }
        }
    }
    

    Controller:

    [RoleFilter]//Check the Role, if not allowed redirect to NoPermission view
    public ActionResult Index()
    {
       return View();
    }
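
A variant of the database role check above built on AuthorizeAttribute, as the question asks, so it runs in the authorization stage and stays enforced when output caching is in use. This is an added example, not code from the question or the answer; `IUserRoleStore`, `DbRoleAuthorizeAttribute` and the static `Store` property are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical abstraction over the table that stores UserName and Role.
public interface IUserRoleStore
{
    string GetRoleName(string userName); // returns null for an unknown user
}

// Usage: [DbRoleAuthorize(Roles = "admin")] on a controller or action.
public class DbRoleAuthorizeAttribute : AuthorizeAttribute
{
    // Assumption: assigned once at start-up (e.g. in Application_Start).
    public static IUserRoleStore Store { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated) return false;

        var allowed = Roles
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();
        if (allowed.Length == 0) return true;   // no Roles set: any signed-in user
        if (Store == null) return false;        // fail closed when not configured

        // The role is read from the database on each request, so a role change
        // or removal takes effect without waiting for a new login.
        // Role names are compared case-insensitively (a choice made for this example).
        string role = Store.GetRoleName(user.Identity.Name);
        return role != null && allowed.Contains(role, StringComparer.OrdinalIgnoreCase);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed in but wrong role: 403 instead of bouncing to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext); // anonymous: 401
    }
}
```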