[Authorize(Roles = "Admin")] // only admin
public class XController : Controller
{
    [Authorize(Roles = "Employee")] // only employee
    public ActionResult ActionX() { ... }
}
Only admins can access the controller and only employees can access that method. I know that this structure is not the best example, but I would just like to know if this is possible! 🙂
Answers:
Method 1
You absolutely can – but for your own sanity (and other developers') I would switch the Employee role to be at the Controller level (least permissive) and then have the more restrictive authorization on an action-by-action basis.
Straight from the MSDN docs.
You can further limit access by applying additional role authorization attributes at the action level:
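[Authorize(Roles = "Administrator, PowerUser")]
public class ControlPanelController : Controller
{
    // Inherits the controller-level rule: Administrator or PowerUser.
    public ActionResult SetTime()
    {
        return View();
    }

    // Controller-level rule plus this one: Administrator only.
    [Authorize(Roles = "Administrator")]
    public ActionResult ShutDown()
    {
        return View();
    }
}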
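The role checks on a controller and on one of its actions are cumulative: roles listed inside one attribute are alternatives, but every stacked attribute must pass. The console program below is an added example, not code from the post or from the framework; it models that rule for the question's XController using a local stand-in AuthorizeAttribute, hypothetical CanInvoke and User helpers, and constructed users that are assumed to be already authenticated.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Security.Principal;

// Local stand-in for the framework attribute (assumption: models role checks only).
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
sealed class AuthorizeAttribute : Attribute
{
    public string Roles { get; set; } = "";

    // Roles inside ONE attribute are alternatives: any single match passes.
    public bool Allows(IPrincipal user)
    {
        var roles = Roles.Split(',').Select(r => r.Trim()).Where(r => r.Length > 0).ToArray();
        return roles.Length == 0 || roles.Any(user.IsInRole);
    }
}

[Authorize(Roles = "Admin")]
class XController
{
    [Authorize(Roles = "Employee")]
    public void ActionX() { }
}

static class Program
{
    // Hypothetical helper: EVERY attribute on the controller and the action must pass.
    static bool CanInvoke(Type controller, string action, IPrincipal user)
    {
        MethodInfo method = controller.GetMethod(action)
            ?? throw new ArgumentException("no such action: " + action);
        return controller.GetCustomAttributes<AuthorizeAttribute>()
            .Concat(method.GetCustomAttributes<AuthorizeAttribute>())
            .All(a => a.Allows(user));
    }

    // Hypothetical helper: builds a constructed test user holding the given roles.
    static IPrincipal User(params string[] roles) =>
        new GenericPrincipal(new GenericIdentity("test-user"), roles);

    static void Main()
    {
        Console.WriteLine(CanInvoke(typeof(XController), "ActionX", User("Admin")));
        Console.WriteLine(CanInvoke(typeof(XController), "ActionX", User("Employee")));
        Console.WriteLine(CanInvoke(typeof(XController), "ActionX", User("Admin", "Employee")));
    }
}
```

Only the user holding both roles is allowed through, so the question's layout grants ActionX to accounts that are Admin and Employee at once, not to employees who lack the Admin role.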
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.