asp.net MVC 3 applying AuthorizeAttribute to areas

Saan picture Saan · May 16, 2011 · Viewed 7.8k times · Source

I'm currently writing an Admin MVC 3 site, and each user only has access to certain parts of the site.

The areas of my site are the same as the user Roles, so what I would like to do is the put the AuthorizeAttribute on each area, using the area's name as the parameter in the Role.

So far I've got this to work when I'm hard coding the checking of each area, but I would like to just loop through all areas and apply the Authorize filter. (i'm using this as my custom FilterProvider - http://www.dotnetcurry.com/ShowArticle.aspx?ID=578)

My code so far ("Gcm" is one of my areas, and is also a Role) :

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new HandleErrorAttribute());
    // for all controllers, run AdminAuthorizeAttribute to make sure they're at least logged in
    filters.Add(ObjectFactory.GetInstance<AdminAuthorizeAttribute>());

    AdminAuthorizeAttribute gcmAuthroizeAttribute = ObjectFactory.GetInstance<AdminAuthorizeAttribute>();
    gcmAuthroizeAttribute.Roles = "Gcm";

    var provider = new FilterProvider();
    provider.Add(
        x =>
        x.RouteData.DataTokens["area"] != null && x.RouteData.DataTokens["area"].ToString() == "Gcm"
            ? gcmAuthroizeAttribute
            : null);
    FilterProviders.Providers.Add(provider);
}

Does anyone know how to get all the areas of my application, so I can just loop through them, rather than hard coding each area?

Or if anyone has a better idea of how to Authorize per area, that would be appreciated to.

Thanks for your help Saan

Answer

mccow002 picture mccow002 · Jul 1, 2011

You could you make a base controller for each area, and put the authorize attribute over the base class. That way you can pass the area parameter in for each area's base controller.