c# - Passing Func as an attribute parameter to secure MVC routes -
I am trying to protect my MVC routes from the set of users who get a set of criteria. Since the use of MVC features is doing a lot and Steven Sanderson has used one for security extension in his supportive MVC book, I have started moving towards this path, but on the basis of which I implement it But contextually I want to define the rule.
Some actions are for employees only, nothing is there.
Some actions are only for company 1, nothing is there.
So I was thinking like this ...
[DisableAccess (BlockUsersWhere = u = & gt; u.Company! = "Acme")] Public Action Proceedings AcmeOnlyAction () {...} [DisableAccess (BlockUsersWhere = U = & Gt; u.Isemployee == Wrong)] Public Initiative Employee Employee Recently Action () {...}
Looks very clean for me and is really very easy to implement, but I get the compiler error:
'blockwise' is not a valid naming feature argument Nki It is a valid attribute parameter type is not
apparently you can not use it as an attribute arguments to function. Any other suggestion or something that provides simple use to come around this issue, have we come to love in our MVC projects?
The suggestion of the nicrous will work, but you can have your Security Guards
will have to call assistant.
If you still like to go with the declarative attribute-based approach (which has the advantage that you can implement the attribute for the entire controller), you should make your own
< Code> Public Class Customs can: Authorize attribution {public bool employee only {receives; Set; } Private string _company; Public string company {back to {return_company; } Set {_company = value; }} Protected Override Balls Authorized Core (HTTPPTTtext.HPContext) {return base. Authorized Corp (HPContex) & amp; MyAuthorizationCheck (HttpContext); } Private bool MyAuthorizationCheck (HttpContextBase httpContext) {IPrincipal user = httpContext.User; If only (employee & amp ;! VerifyUserIsEmployee (user)) {return false; } If (! String.IsNullOrEmpty (Company) &! VerifyUserIsInCompany (user)) {return false; } Back true; } Private Butter VerifyUserIsInCompany (IPrin User) {// Your Check Here} Private Butter VerifyUserIsEmployee (IPrincipal User) {// Check Here Here}}
Then you will use it as follows [...]>
Comments
Post a Comment