AuthorizeAttributeAclModule multiple AutorizeAttribute

Nov 17, 2010 at 6:01 PM


I use multiple Authorize attribute on my controller.

In the AuthorizeAttributeAclModule.IsAccessibleToUser

 	foreach (var authorizeAttribute in authorizeAttributesToCheck)
                        var currentAuthorizationAttributeType = authorizeAttribute.GetType();

                        var builder = new AuthorizeAttributeBuilder();
                        var subclassedAttribute = (currentAuthorizationAttributeType == typeof (AuthorizeAttribute))
                                                      ? new InternalAuthorize(authorizeAttribute)
                                                      : // No need to use Reflection.Emit when ASP.NET MVC built-in attribute is used

                        subclassedAttribute.Order = authorizeAttribute.Order;
                        subclassedAttribute.Roles = authorizeAttribute.Roles;
                        subclassedAttribute.Users = authorizeAttribute.Users;

                        if (!subclassedAttribute.IsAuthorized(authorizationContext.HttpContext))
                            return false;
                        //return subclassedAttribute.IsAuthorized(authorizationContext.HttpContext);
                        // do not allow on exception
                        return false;

I put

return subclassedAttribute.IsAuthorized(authorizationContext.HttpContext);

in comment

and change the line for

                        if (!subclassedAttribute.IsAuthorized(authorizationContext.HttpContext))
                            return false;

I just whant to share this with other or if my solution is wrong please let me know


Nov 18, 2010 at 6:58 AM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.