c# - info for page if requiment roles -

- September 15, 2015

i have controller requirement role names "admin":

it's part of controller:

[authorize(roles="admin")] public class rolesadmincontroller : controller {     public rolesadmincontroller()     {     }      public rolesadmincontroller(applicationusermanager usermanager,         applicationrolemanager rolemanager)     {         usermanager = usermanager;         rolemanager = rolemanager;     }      private applicationusermanager _usermanager;     public applicationusermanager usermanager     {                 {             return _usermanager ?? httpcontext.getowincontext().getusermanager<applicationusermanager>();         }         set         {             _usermanager = value;         }     }      private applicationrolemanager _rolemanager;     public applicationrolemanager rolemanager     {                 {             return _rolemanager ?? httpcontext.getowincontext().get<applicationrolemanager>();         }         private set         {             _rolemanager = value;         }     }

and definition of applicationrolemanager inherit of rolemanager

public class applicationrolemanager : rolemanager<identityrole> {     public applicationrolemanager(irolestore<identityrole,string> rolestore)         : base(rolestore)     {     }      public static applicationrolemanager create(identityfactoryoptions<applicationrolemanager> options, iowincontext context)     {         return new applicationrolemanager(new rolestore<identityrole>(context.get<applicationdbcontext>()));     } }

if user don't has rolename admin (i dont know how) moved accountcontroller , method: public actionresult login(string returnurl) it's definition:

    [httpget]     [allowanonymous]     public actionresult login(string returnurl)     {         viewbag.returnurl = returnurl;         return view();     }

now want push info method if user aren't admin , give info "hey! don't have acces part of page, please login admin account", expanded method form:

    public actionresult login(string returnurl)     {          if (returnurl != null &&             returnurl.contains("admin") &&             request.isauthenticated &&             !user.isinrole("admin"))         {             if (request.isauthenticated)                 viewbag.info = "hey! don't have acces part of page, please login admin account";             else                 tempdata["info"] = "hey! don't have acces part of page, please login admin account";             return redirecttoaction("index", "home");         }         viewbag.returnurl = returnurl;         return view();     }

in way know, controller, has name "admin", f.e rolesadmincontroller, useradmincontroller requirement roles="admin", isn't coolest way :/

it works fine, other way define info if user (or guest) don't have access controller?

i searched , find answer: simple create custom authorize class. it's explained on video: https://www.youtube.com/watch?feature=player_embedded&v=bsxusymsgea or here: https://www.youtube.com/watch?v=vpyjmut-lg4&list=pl5mzid1lr-vld5ec3m1__xn_1zvyjhocd&index=26

or try ask uncle google "create custom authorizeattribute"

example:

public class roleattribute : authorizeattribute     {         public string userrole { get; set; }         protected override bool authorizecore(httpcontextbase httpcontext)         {             return (httpcontext.request.isauthenticated && httpcontext.user.isinrole(userrole));         }          //if authorizecore return false         protected override void handleunauthorizedrequest(authorizationcontext filtercontext)         {             //add session             filtercontext.requestcontext.httpcontext.session["aa"] = "hey! haven't access!";             string action = "";             string controller = "";             //get current action             if (filtercontext.controller.controllercontext.routedata.values["action"] != null)             {                 action = filtercontext.controller.controllercontext.routedata.values["action"].tostring();             }             //get current controller             if (filtercontext.controller.controllercontext.routedata.values["controller"] != null)             {                 controller = filtercontext.controller.controllercontext.routedata.values["controller"].tostring();             }             //add values temp data             filtercontext.controller.tempdata.add("roleerrors", "hey! don't have access!");              //redirect register method , example add info - returnurl             filtercontext.result = new redirecttorouteresult(                 new system.web.routing.routevaluedictionary(                     new                     {                         controller = "account",                         action = "register",                         returnurl = string.format("{0}/{1}",controller,action)                     })                 );         }     }

then in controller can use as:

[role(userrole = "yourrole")] public class mycontroller : controller {      ... }

and in accountcontroller push method:

public actionresult register(string returnurl) {    ...    viewbag.error = tempdata["roleerrors"] string;    return view(); }

and in view():

@if(viewbag.error != null) {    <p>@viewbag.error</p> }

Search This Blog

Back

c# - info for page if requiment roles -

Comments

Post a Comment

Popular posts from this blog

javascript - how to protect a flash video from refresh？ -

visual studio 2010 - Connect to informix database windows form application -

android - Associate same looper with different threads -