Tags: model-view-controller, role-base-authorization

Multiple levels of [Authorize(Roles)] in controller


So I have a controller that I want to lock down to various levels of membership. Let's say I have the following roles: Viewer, LocalAdmin, GlobalAdmin.

This is an admin controller, so I start by making sure that a user must be logged in with the [Authorize] attribute on the controller itself.

However, a Viewer should not have access to this controller so I need to specify that the user must be at least a LocalAdmin so the attribute needs to be [Authorize(Roles = "LocalAdmin")].

My question is about the higher level actions in this controller that can only be performed by a GlobalAdmin. Is there a way to assign all actions to LocalAdmin as a minimum and then override some with [Authorize(Roles = "GlobalAdmin")]?


Solution

  • It is possible. You can assign the whole class as LocalAdmin so all the functions in that class will have the LocalAdmin access. You annotate only those functions which want global access with GlobalAdmin. The annotations of the functions are given preference.
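The layering described above, as an added example for ASP.NET MVC 5 (not code from the original post; the controller, action names and the tenant parameter are assumed). Every [Authorize] attribute on the way to an action is evaluated, so the controller-level and action-level checks combine with AND rather than the action overriding the controller; listing both admin roles on the controller keeps a GlobalAdmin who is not also a LocalAdmin from being rejected before the action attribute is ever reached. The same combination rule holds in ASP.NET Core.

```csharp
using System.Web.Mvc;

// Added example, not from the original post. Controller/action names are assumed.
// Each [Authorize] instance runs its own check: the controller attribute first,
// then the action attribute, and the request must pass both.
[Authorize(Roles = "LocalAdmin,GlobalAdmin")]   // Viewer and anonymous callers stop here
public class AdminController : Controller
{
    // Reachable by LocalAdmin and GlobalAdmin: only the controller check applies.
    public ActionResult Index()
    {
        return View();
    }

    // Controller check (LocalAdmin or GlobalAdmin) AND action check (GlobalAdmin).
    // Had the controller listed only "LocalAdmin", a GlobalAdmin user who is not
    // also in the LocalAdmin role would be turned away before reaching this action.
    [Authorize(Roles = "GlobalAdmin")]
    public ActionResult DeleteTenant(int id)
    {
        // ... privileged work guarded by the stacked attributes ...
        return RedirectToAction("Index");
    }

    // Unauthenticated callers fail the controller attribute before any action runs,
    // so no action in this class needs a separate bare [Authorize] for the login check.
}
```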