I've tried creating an easy filter to see if the user is in a role called "System Administrator", basically short hand for having to do [Authorize(Roles = "System Administrator")]. I thought it would be fairly simple, but I'm also fairly new to MVC so perhaps I'm overlooking something.
Here's my code:
using System.Web.Mvc;
namespace site_redesign_web.Filters
{
public class SystemAdminFilter : ActionFilterAttribute
{
string SysAdminRole = "System Administrator";
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.RequestContext.HttpContext.User != null)
{
var userSysAdmin = filterContext.RequestContext.HttpContext.User.IsInRole(SysAdminRole) == true;
filterContext.ActionParameters["IsSysAdmin"] = userSysAdmin;
}
}
}
}
Can some one suggest where am I going wrong? A huge plus would be if the person isn't a System Administrator it would direct them to Home/NoPermissions.
Thank you!
Updated: Fixing all issues. AJ. Here you go... Finally fixed the problem
using ActionFilterAttribute
using System.Web.Mvc;
namespace site_redesign_web.Filters
{
public class SystemAdminFilter : ActionFilterAttribute
{
string SysAdminRole = "System Administrator";
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.RequestContext.HttpContext.User != null)
{
var userSysAdmin = filterContext.RequestContext.HttpContext.User.IsInRole(SysAdminRole) == true;
if(!userSysAdmin)
{
filterContext.Result = new RedirectToRouteResult(
new System.Web.Routing.RouteValueDictionary{
{"controller", "Home"},
{"action", "Index"}
});
}
}
}
}
}
and your Controller should be
[SystemAdminFilter] // at controller level
public SomeController : Controller
{
}
or you can also use it for a particular Action by annotating like this
public SomeController : Controller
{
[SystemAdminFilter] // at Action level
public ActionResult SomeAction()
{
// perform your actions
}
It will work because I manually passed in the User with his role in the Application_AuthorizeRequest in Global.asax
protected void Application_AuthorizeRequest(Object sender, EventArgs e)
{
FormsAuthenticationTicket formsAuthenticationTicket = new FormsAuthenticationTicket("Aravind", true, 30);
FormsIdentity formsIdentityId = new FormsIdentity(formsAuthenticationTicket);
GenericPrincipal genericPrincipal = new GenericPrincipal(formsIdentityId, new string[] { "SystemUser" }); //TEST with this redirected to Home Index place
HttpContext.Current.User = genericPrincipal ;
}
The next test I made was with this
GenericPrincipal genericPrincipal = new GenericPrincipal(formsIdentityId, new string[] { "System Administrator" }); //TEST with this did not perform an action