Multiple Authorization attributes on method

Question

I\'m having trouble specifying two separate Authorization attributes on a class method: the user is to be allowed access if either of the two attributes are true.

Th

Answer 1

Multiple AuthorizeAttribute instances are processed by MVC as if they were joined with AND. If you want an OR behaviour you will need to implement your own logic for checks. Preferably implement AuthAttribute to take multiple roles and perform an own check with OR logic.

Another solution is to use standard AuthorizeAttribute and implement custom IPrincipal that will implement bool IsInRole(string role) method to provide 'OR' behaviour.

An example is here: https://stackoverflow.com/a/10754108/449906