I am currently hard coding the authorized roles in the filter in my MVC applications like so:
[Authorize(Roles = "Administrator,Manager")]
You're going to need to write your own authorization filter (probably by extending the built-in one).
The reason for this is that you can't assign attribute parameters dynamically like that.
You won't need to mess with the MVC source code - you just need to create a class which inherits from System.Web.Mvc.AuthorizeAttribute, override AuthorizeCore, and then use your attribute in place of the default:
using System.Web;
using System.Web.Mvc;

public class CustomAuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Put your custom logic here, returning true for success and false for failure,
        // or return base.AuthorizeCore(httpContext) to defer to the base implementation
        return base.AuthorizeCore(httpContext);
    }
}
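One way to fill in AuthorizeCore so the role list comes from configuration instead of the attribute's literal, shown as an added example that is not part of the original answer. The class name ConfiguredRolesAuthorizeAttribute and the appSettings key "Roles.Reports" are hypothetical; it assumes the roles are stored as a comma-separated appSettings value.

```csharp
using System;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Added example (hypothetical names). Expects a web.config entry such as:
//   <add key="Roles.Reports" value="Administrator,Manager" />
// and is applied as: [ConfiguredRolesAuthorize("Roles.Reports")]
public class ConfiguredRolesAuthorizeAttribute : AuthorizeAttribute
{
    // Only the lookup key is a compile-time constant; the roles are not.
    private readonly string _settingKey;

    public ConfiguredRolesAuthorizeAttribute(string settingKey)
    {
        if (string.IsNullOrWhiteSpace(settingKey))
            throw new ArgumentException("A setting key is required.", "settingKey");
        _settingKey = settingKey;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        var user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // Resolve the allowed roles at request time rather than at compile time.
        var raw = ConfigurationManager.AppSettings[_settingKey];
        var roles = (raw ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // Fail closed: a missing or empty setting denies everyone. Deferring to
        // the base class here would admit any authenticated user, because an
        // empty Roles list on AuthorizeAttribute means "no role restriction".
        if (roles.Length == 0)
            return false;

        return roles.Any(user.IsInRole);
    }
}
```

The attribute keeps no per-request state in fields, which matters because MVC may reuse a filter instance across requests.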