I'm currently working on my exam project in ASP.NET MVC 5 (C#).
My problem is one of my controllers, which is heavily relying on the authorize roles attribute to make sure people have a certain role and thereby access to the various functions in the controller. It was working fine, right until I wanted to use dependency injection through the constructor... it seems after I installed ninject for mvc3, set up the bind and made the constructor accepting the interface in the controller. That it just ignores all authorize tags? I know it's not syntax errors because nothing is different in the controller, except the new constructor. This seems to have no effect on the account controller though so I have to presume Ninject is messing things up.
Everyone can do everything they want and run all methods in the controller since I set it up for ninject and I simply don't get it?
Can anyone help or know of this issue and any steps to take to fix it?
I have to turn in the project monday so I was hoping some guru could enlighten me relatively fast on this issue. A google search tells me Ninject doesn't work with the attribute is that true? If it is I'm pretty screwed.
Well I basically added this to the NinjectWebCommon's "RegisterServices" method:
kernel.Bind<IChildRepository>().To<ChildRepository>();
(I'm making a site for an institution that watches kids after school etc. the childcontroller controls the management of "children" created in the system).
private readonly IChildRepository _childRepository;
public ChildController(IChildRepository childRepository)
{
_childRepository = childRepository;
}
This is my repository class:
public class ChildRepository : IChildRepository
{
ChildContext context = new ChildContext();
public IQueryable<Child> All
{
get { return context.Children; }
}
public IQueryable<Child> AllIncluding(params Expression<Func<Child, object>>[] includeProperties)
{
IQueryable<Child> query = context.Children;
foreach (var includeProperty in includeProperties)
{
query = query.Include(includeProperty);
}
return query;
}
public Child Find(int id)
{
return context.Children.Find(id);
}
public void InsertOrUpdate(Child child)
{
if (child.ChildId == default(int))
{
context.Children.Add(child);
}
else
{
context.Entry(child).State = System.Data.Entity.EntityState.Modified;
}
}
public void Delete(int id)
{
var child = context.Children.Find(id);
context.Children.Remove(child);
}
public void Save()
{
context.SaveChanges();
}
public void Dispose()
{
context.Dispose();
}
}
And my repo interface:
public interface IChildRepository : IDisposable
{
IQueryable<Child> All { get; }
IQueryable<Child> AllIncluding(params Expression<Func<Child, object>>[] includeProperties);
Child Find(int id);
void InsertOrUpdate(Child child);
void Delete(int id);
void Save();
}
This is the index method in the controller method to show you how I'm using authorize:
[Authorize(Roles = "Admin, CanEdit")]
public ActionResult Index()
{
return View(_childRepository.All.ToList());
}
How it works now? You can access the childcontroller views and all the other methods besides index without even being logged into the system?
I found the solution to the problem by googling, apparently adding this line to the registerservices method solves the entire issue.
kernel.Bind<IFilterProvider>().To<FilterAttributeFilterProvider>();
Got it from this guy which I love right now: http://pieterderycke.wordpress.com/2012/03/01/using-asp-net-filters-with-the-ninject-depencency-resolver/
Thought I would answer the question myself so if others run into the same issue they can make it work!