ASP.NET Web API 2 - Enum Authorize Attribute
This post shows you how to create a custom authorization attribute which allows you to pass in a list of enums as parameters to restrict access by role. I'm using this attribute on the controllers of a RESTful Web API built with ASP.NET WEB API 2.
The stock-standard AuthorizeAttribute that ships with .NET only allows you to pass in a list of roles as a comma-separated string to restrict access, like this:
[Authorize(Roles = "Admin, User, etc")]
I wanted instead to use a strongly typed approach like passing in a list of enum values like this:
[AuthorizeRoles(Role.Admin, Role.User)]
To do this you need to create a custom authorization attribute, which turns out to be surprisingly simple. This is all you have to do:
```csharp
using System.Linq;
using System.Web.Http;
using System.Web.Http.Controllers;

public class AuthorizeRolesAttribute : AuthorizeAttribute
{
    private readonly Role[] _roles;

    public AuthorizeRolesAttribute(params Role[] roles)
    {
        _roles = roles;
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // Unauthenticated requests leave Globals.CurrentUser unset; returning
        // false lets the base attribute respond with 401 instead of throwing.
        if (Globals.CurrentUser == null)
            return false;
        return _roles.Contains(Globals.CurrentUser.Role);
    }
}
```
This is the Role enum. You can add any roles you like here; Admin and User are just examples:

```csharp
public enum Role
{
    Admin,
    User
}
```
I'm checking the roles against the Globals.CurrentUser object which I set during request authentication using a slightly modified version of the custom HTTP module posted by Mike Wasson on Basic Authentication.
Here's my modified version of the AuthenticateUser method of the BasicAuthHttpModule:
```csharp
using System;
using System.Security.Principal;
using System.Text;

private static bool AuthenticateUser(string credentials)
{
    var encoding = Encoding.GetEncoding("iso-8859-1");
    credentials = encoding.GetString(Convert.FromBase64String(credentials));

    // Split on the first ':' only, so a password containing ':' survives intact,
    // and reject headers that carry no separator at all.
    var credentialsArray = credentials.Split(new[] { ':' }, 2);
    if (credentialsArray.Length != 2)
        return false;
    string username = credentialsArray[0];
    string password = credentialsArray[1];

    var user = _userService.GetByUsernameAndPassword(username, password);
    if (user == null)
        return false;

    var identity = new GenericIdentity(user.Username);
    SetPrincipal(new GenericPrincipal(identity, new[] { user.Role.ToString() }));
    Globals.CurrentUser = user;
    return true;
}
```
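If Globals.CurrentUser is a plain static field, it is shared by every request thread in the worker process, so two concurrent requests can observe each other's user. The variant below, an added example rather than the post's code, reads the role from the principal that SetPrincipal already attached to the request; it assumes the Role enum and the auth module shown above.

```csharp
using System.Security.Principal;
using System.Web.Http;
using System.Web.Http.Controllers;

// Same constructor and enum-based usage as the attribute on this page,
// but the role comes from the request's own principal, not a static global.
public class AuthorizeRolesAttribute : AuthorizeAttribute
{
    private readonly Role[] _roles;

    public AuthorizeRolesAttribute(params Role[] roles)
    {
        _roles = roles ?? new Role[0];
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // Web API 2 exposes the principal set during authentication here.
        IPrincipal principal = actionContext.RequestContext.Principal;

        // No authenticated identity: the base attribute turns this false
        // into a 401 Unauthorized response.
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // The auth module stored user.Role.ToString() as the principal's role
        // name, so compare the enum names exactly (no case folding).
        foreach (Role role in _roles)
        {
            if (principal.IsInRole(role.ToString()))
                return true;
        }
        return false;
    }
}
```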