4

I am working on implementing user right management on an mvc3 application.

I have defined my action methods on database with ControllerName, ActionName, and Parameters consists ParameterName and ParameterType etc.

I implemented a custom attribute which inherited from Authorize attribute.

What i am trying to do is finding the action executing among my built-in actions defined on database and calculating if user has permission on specified action or not.

The code is like this;

[HttpPost]
[MyAuthorize]
public ActionResult Edit(VendorPageItem entity)
{
  //...
}

public class MyAuthorize: System.Web.Mvc.AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        string controller = httpContext.Request.RequestContext.RouteData.Values["controller"].ToString();
        string action = httpContext.Request.RequestContext.RouteData.Values["action"].ToString();
        int userId = SessionState.Current.LoginParameter.VendorUserID;

        List<string> parameterTypes = new List<string>();
        //TODO: Find out action method parameter types. 

        return IoCWorker.Resolve<IUserRightService>().HasUserRightToAction(userId, controller, action, parameterTypes);
    }
}

My problem is finding the method parameter types in my custom attribute.

Thanks.

edit: forgot to mention that is post action. [HttpPost] added.

Improve this question
1
  • I have played around with AuthorizeAttribute this way, but have found that it's easier just to check permissions in the controller method. Commented Feb 23, 2012 at 16:01

2 Answers 2

Reset to default
2

I think reflection is the answer here.

Once you have the controller and the action, and assuming you know beforehand the namespace, you can inspect the controller Type and drill down to its methods and relative signatures/overloads.

Also inspecting the full contents of RouteData apart from controller and action can tell you what it being passed to the method.

I haven't tried it out, but from what you say it seems it will work this way.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I have folders like "Definitions", "Management", "Commons" under Controllers folder. So namespaces is different. I tryed to navigate httpContext in AuthorizeCore method about finding action parameter info but no luck.
1

I'm not sure whether I understood your question properly. If you try to access the parameter values, I have an answer for you, if you really want to know the parameter types, then @Matteo Mosca's answer will be correct:

That depends on where the parameters come from. Whether they are QueryString parameters or form parameters or cookies or...

The model binder infrastructure of ASP.NET tries to map the parameters on the action method. In your custom attribure you can access the parameters with the context, e.g. 

string input = httpContext.Request.Form["myInput"]

EDIT: This is of course not the nicest solution because you need information about the posted parameters. As I don't know your real requirements, I can't make any better suggestion. Of course you could iterate through the Form collection.

A possiblilty could be that you pass the name of the field as a parameter/property of the MyAuthorizeAttribute.

Improve this answer

4 Comments

my action method is a post aciton and i use jquery post. so i do not have query string :(.
ok, but you can access the Forms collection in the same way. I'm not sure yet whether it works with an AJAX request.
I can get form collection, but what i am seeing in it form control keys and values. e.g: as key ModelName.Entity.Name, and its value. But i have no "VendorPageItem" type on that form collection.
That's right, you only see the properties of VendorPageItem. The modelbinder can map the form content to the properties of the class. I'm not sure whether you have access to the bound data.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.