I want to write my own attribute, which will be similar to [Authorize(Role = "Admin", Permission = "Create")] so that I can use this construct in front of the class. Permission for admin is stored in a separate database table.

UPD

Intended use:

 public ExampleController : Controller{ ... [Authorize(Role = "Admin", Permisson = "Edit")] public ActionResult Example(){ } }

What is there?

There was an idea to inherit from AuthorizeAttribute and add the Permissions property

 public class ExampleAuthorizeAttribute : AuthorizeAttribute { private string[] allowedUsers; private string[] allowedRoles; private string[] allowedPermission; public string Permissions { set { allowedPermission = value.Split(',', ' ').ToArray(); } } public ExampleAuthorizeAttribute(string[] users, string[] roles) { allowedUsers = users; allowedRoles = roles; } // здесь перед return проверить Permissions protected override bool AuthorizeCore(HttpContextBase httpContext) { return httpContext.Request.IsAuthenticated && hasUser(httpContext) && hasRole(httpContext); } private bool hasUser(HttpContextBase httpContext) { return allowedUsers.Length > 0 ? allowedUsers.Contains(httpContext.User.Identity.Name) : true; } private bool hasRole(HttpContextBase httpContext) { return allowedRoles.Length > 0 ? allowedRoles.Any(role => httpContext.User.IsInRole(role)) : true; } }

And then use it, but it’s completely understandable how to put the Permissions of the user into context

 public ExampleController : Controller{ ... [ExampleAuthorize(Role = "Admin", Permisson = "Edit")] public ActionResult Example(){ } }

But it seems that not quite the right decision

ps mvc 4

  • I understand that it is not specifically by sabzh, but suddenly it will solve the final task: if you are not familiar yet, then read about the Entity Framework and the Fluent API . - ZloyMakak
  • An attribute is nothing more than a hanging piece of paper on a bulletin board. You will hang your attribute, and who will read and interpret it? - VladD
  • @VladD so I need literature to describe how to interpret it - Vadim Prokopchuk
  • @VP: Well, I don’t think that the framework makes it possible to define custom attributes. However, maybe it is so, let's wait for the experts. - VladD
  • @VladD, experts in what? is there some tag missing? - 4per

2 answers 2

Good day. I would venture to suggest that you are using ASP.NET MVC. As a solution:

  public class MyAuthAttribute : FilterAttribute, IAuthenticationFilter { public void OnAuthentication(AuthenticationContext filterContext) { var user = filterContext.HttpContext.User; if (user == null || !user.Identity.IsAuthenticated) { filterContext.Result = new HttpUnauthorizedResult(); } } public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext) { var user = filterContext.HttpContext.User; if(user==null || !user.Identity.IsAuthenticated) { filterContext.Result = new RedirectToRouteResult( new System.Web.Routing.RouteValueDictionary { { "controller", "Account" }, { "action", "Login" } }); } } }

You can read in detail here.

  • Not exactly what I need. But take note! - Vadim Prokopchuk

I will assume that the author meant something like this:

 [AttributeUsage(AttributeTargets.Method | AttributeTargets.Property)] public class V8VisibleAttribute : Attribute { public string Alias { get; } public bool HasDefaultValue { get; set; } public V8VisibleAttribute() { } public V8VisibleAttribute(string alias) { this.Alias = alias; } } public class testComponent { [V8Visible("Версия")] public string Version => "1.0"; }

And use:

 var type = test.GetType(); var info = (System.Reflection.TypeInfo) type; var props = info.DeclaredProperties.Where(x => Attribute.IsDefined(x, typeof (V8VisibleAttribute))).ToList(); var methods = info.DeclaredMethods.Where(x => !x.IsSpecialName && Attribute.IsDefined(x, typeof(V8VisibleAttribute))).ToList(); foreach (var prop in props) { var v8VisibleAttribute = Attribute.GetCustomAttribute(prop, typeof(V8VisibleAttribute)) as V8VisibleAttribute; } foreach (var prop in methods) { var v8VisibleAttribute = Attribute.GetCustomAttribute(prop, typeof(V8VisibleAttribute)) as V8VisibleAttribute; }

reference