Add Authorization on class, and specific Authorization on method

  • Question

  • User-1952516322 posted

    Hello All,

    I have a controller with [Authorize(Roles = "Admin")], and there is a method or action in this controller that I also want to give Student access to.

    So:

        [Authorize(Roles = "Admin")]
        public class HomeController : Controller
        {
            [Authorize(Roles = "Student")]
            public void GetAll()
            {
                // Code here..
            }
        }

    How can the method GetAll() be used by both Admin and Student?

    And if I want to use a policy, how can that be done?

    I tried a policy and wrote the code below in startup, but it is not working

        services.AddAuthorization(options =>
        {
            options.AddPolicy("MyPolicy", policy =>
            {
                policy.AddAuthenticationSchemes("Cookie", "Bearer");
                policy.RequireAuthenticatedUser();
                policy.RequireRole("Admin,Student");
                policy.RequireClaim("editor", "contents");
            });
        });

    Thanks

    Sunday, April 14, 2019 11:11 AM

All replies

  • User475983607 posted

    First, it really helps if you read the documentation.

    https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-2.2

    How can the method GetAll() be used by both Admin and Student?

    If you want Admin or Students to access the controller then separate the roles by a comma.

        [Authorize(Roles = "Admin,Student")]

    I tried a policy and wrote the code below in startup, but it is not working

        services.AddAuthorization(options =>
        {
            options.AddPolicy("MyPolicy", policy =>
            {
                policy.AddAuthenticationSchemes("Cookie", "Bearer");
                policy.RequireAuthenticatedUser();
                policy.RequireRole("Admin,Student");
                policy.RequireClaim("editor", "contents");
            });
        });

    What is not working? When asking a question on the forum, explain the expected results and the actual results.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, April 14, 2019 11:36 AM
  • User-1952516322 posted

    Thanks mgebhard,

    but if I don't want from another role as an example from your code

        [Authorize(Roles = "Admin,Student")]

    This controller can be accessed by Admin and Student for all actions/methods, but if there is a specific method that just the Admin and (( Student )) can access, can it be done or not?

    I tried this and it's working fine.

        services.AddAuthorization(options =>
        {
            options.AddPolicy("MyPolicy", policy =>
                policy.RequireRole(new string[] { "Admin", "HR" }));
        });

    Thanks again

    Sunday, April 14, 2019 12:10 PM
  • User475983607 posted

    This controller can be accessed by Admin and Student for all actions/methods, but if there is a specific method that just the Admin and (( Student )) can access, can it be done or not?

    Roles attributes do not work as you want.  Please read the documentation.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, April 14, 2019 12:37 PM
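
Added example, not code from the thread or from the ASP.NET Core project: a console program that evaluates the three role checks discussed above against constructed Admin-only and Student-only principals. It assumes the Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages; `RolePolicyDemo`, `UserInRole` and `Roles` are hypothetical names, and `AuthorizationPolicy.Combine` is used here to model stacking `[Authorize]` on the class and on the action.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class RolePolicyDemo
{
    // Constructed test principal that holds exactly one role claim.
    static ClaimsPrincipal UserInRole(string role) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, role) }, "Constructed"));

    // Hypothetical helper: a policy with a single roles requirement.
    static AuthorizationPolicy Roles(params string[] roles) =>
        new AuthorizationPolicyBuilder().RequireRole(roles).Build();

    public static async Task Main()
    {
        var authz = new ServiceCollection()
            .AddLogging()
            .AddAuthorization() // use AddAuthorizationCore() outside MVC on 3.0+
            .BuildServiceProvider()
            .GetRequiredService<IAuthorizationService>();

        var policies = new (string Name, AuthorizationPolicy Policy)[]
        {
            // Class-level Admin plus action-level Student: the requirements
            // are ANDed, so the caller must hold both roles.
            ("stacked attributes",
                AuthorizationPolicy.Combine(Roles("Admin"), Roles("Student"))),
            // One string is one role name; RequireRole does not split on commas.
            ("RequireRole(\"Admin,Student\")", Roles("Admin,Student")),
            // Several names inside one requirement are ORed.
            ("RequireRole(\"Admin\", \"Student\")", Roles("Admin", "Student")),
        };

        foreach (var (name, policy) in policies)
            foreach (var role in new[] { "Admin", "Student" })
            {
                var result = await authz.AuthorizeAsync(UserInRole(role), policy);
                Console.WriteLine($"{name,-34} {role,-8} allowed={result.Succeeded}");
            }
    }
}
```

Both single-role users are denied by the first two policies and allowed by the third. For the controller in the question, that means putting `[Authorize(Roles = "Admin,Student")]` on the class and adding `[Authorize(Roles = "Admin")]` to the Admin-only actions, since `AuthorizeAttribute.Roles` is a comma-separated list while `RequireRole` takes each role as its own argument.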