I made my own custom Role table in my database and I wanted to also create a custom authorize attribute along with it.

Here is what I have so far, but I'm not really sure how to proceed:

    private List<RoleModel> Roles;
    private IRoleRepository repo;
    private ICustomerRepository cust;


    public bool CheckRoles(string UserId)
    {
        try
        {
            Roles = repo.GetAll().ToList();
            CustomerModel Customer = cust.Get(UserId);
            int CustomerRole = Customer.RoleId;
            RoleModel role = Roles.First(x => x.id == CustomerRole);


        }
        catch(Exception e)
        {
            return false;
        }
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
        string UserId = filterContext.HttpContext.User.Identity.GetUserId();



    } 

If anyone can help me finish this I would greatly appreciate it.

Thanks!

Which part are you stuck on? Can you elaborate? Commented Jul 17, 2016 at 21:55

1 Answer

I think that creating a custom AuthorizeAttribute is not a good idea. It is good practice to use the standard AuthorizeAttribute.

It is a common case to have your own Role table. It is better to override how the roles of your principal's identity are set and to use the Roles property of AuthorizeAttribute. Set the role as a claim once when the user is logging in; it will be better than retrieving the role from the database in the custom Authorize attribute at each request. Set your claim ClaimTypes.Role, and then protect your controllers/actions with:

    [Authorize(Roles = "admin")]
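
The approach this answer describes, as an added example that is not part of the original answer: the role from the custom table is added as a `ClaimTypes.Role` claim once at sign-in, so the stock `[Authorize(Roles = "...")]` check works without a database lookup on every request. The repository and model shapes are assumed from the question's snippet; `RoleModel.Name` and `RoleClaimsBuilder` are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Shapes assumed from the question's snippet; RoleModel.Name is hypothetical.
public class RoleModel { public int id { get; set; } public string Name { get; set; } }
public class CustomerModel { public int RoleId { get; set; } }
public interface IRoleRepository { IEnumerable<RoleModel> GetAll(); }
public interface ICustomerRepository { CustomerModel Get(string userId); }

// Hypothetical helper: maps the custom Role table onto a standard role claim.
public class RoleClaimsBuilder
{
    private readonly IRoleRepository repo;
    private readonly ICustomerRepository cust;

    public RoleClaimsBuilder(IRoleRepository repo, ICustomerRepository cust)
    {
        this.repo = repo;
        this.cust = cust;
    }

    // Call once at sign-in, on the identity that is about to be issued.
    // Returns true only if a role claim is present afterwards.
    public bool AddRoleClaim(ClaimsIdentity identity, string userId)
    {
        CustomerModel customer = cust.Get(userId);
        if (customer == null)
            return false; // fail closed: unknown customer gets no role

        RoleModel role = repo.GetAll().FirstOrDefault(r => r.id == customer.RoleId);
        if (role == null || string.IsNullOrWhiteSpace(role.Name))
            return false; // fail closed: dangling RoleId gets no role

        // ClaimTypes.Role is the default RoleClaimType of ClaimsIdentity,
        // so User.IsInRole(role.Name) and [Authorize(Roles = ...)] see it.
        if (!identity.HasClaim(ClaimTypes.Role, role.Name))
            identity.AddClaim(new Claim(ClaimTypes.Role, role.Name));

        return true;
    }
}
```

In the MVC 5 Identity template this would be called from `ApplicationUser.GenerateUserIdentityAsync`, right after `manager.CreateIdentityAsync(...)`. The claim is stored in the auth cookie, so a role that is bought or revoked later takes effect only when the identity is rebuilt, for example at the next sign-in.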

1 Comment

The reason that I made my own role table is because you have to buy a role so each role has a price column along with it and the default doesn't have that. However, do you think it would be good practice to give my role table a foreign key of ASPRoleId and link to it that way?
