How to coordinate IAuthenticationFilter work in asp.net mvc?

A

Anatoliy Mikhailov2014-10-13 16:12:54

ASP.NET

Anatoliy Mikhailov, 2014-10-13 16:12:54

For the project, I made 3 filters IAuthenticationFilter
BasicAuthorizeAttribute - checks for roles based on aspnet identity
RoomMemberAuthorizeAttribute - checks for membership in the room (according to its own database)
RoomAdminAuthorizeAttribute - checks for membership in the admin group in the contan,
each separately checks separately, but if specify them in one method, for example

[RoomMemberAuthorize]
[BasicAuthorize(Roles = "Admin")]
public ActionResult Details(int? id)

then their execution goes sequentially and if it is required that both room members and/or admins get access to the method, then according to the current logic of their work, access is given only if they are in the admin group.
What is the best way to implement their interaction?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

DSergeev, 2014-10-19
@DSergeev

First rule: you don't need to make your own [Authorize] implementation. you better not do it, it wakes up full of holes. Why make your own? what did not suit the standard?
[Authorize(Roles = "Administrator, User")]
[Authorize(Users= "User1, User2")]
There is also an Order property that sets the execution order.