asp.net mvc custom attribute

grahamor

Hi,

I am making an application that uses forms authentication. There is also a service in place that returns JSON info relating to the users and what they can see. Membership roles are not used in this case.

2 items are passed back from the service, the application name and an array of rights that the user has. I need to be able to restrict access to certain views based on this info from the service.

I created a custom attribute like so :

    public class CustomAuthorisationAttribute : AuthorizeAttribute
    {
        public string ApplicationName
	public string[] Rights

	//more logic to add here...
    }

I then add this attribute to the controller so only certain users can view it.

    [CustomAuthorisation(ApplicationName="main",Roles= new [] {'isAdmin','canView')]
    public ActionResult Index()
    {
        return View();
    }

I am wondering how i can compare what values are passed back from the service to what values are specified in the Attribute above the view ? The compare logic can determine whether to display the view or redirect them to another page on the site.

I hope i have been clear

Thanks

Giblet

You override the AuthorizeCore method, and there are others you can override as well.

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
           
    //logic to test if roles are valid.
    return SomeMethodWhichChecksRoles();
}