1

I am trying to accomplish the following:

There are multiple roles (role1, role2, role3 etc.) and they all have different access levels. Role2 can access the same as role1, but not role3.

I know I can do it with the authorize attribute in the controller, but is there a different way that may be more elegant instead of just a list of roles in the attribute?

3
  • 1
    Why not combine roles into an aggregate role and use that role on the controller? You can also write your own AuthorizationAttribute and define your own custom logic in this class. Commented May 10, 2016 at 9:06
  • @Igor That custom attribute is a great idea! Thanks :) Commented May 10, 2016 at 9:12
  • Another suggestion: if role(N) can access role(N-1), then give users multiple roles. For example, a user in role3 can also be in role2 and role1. That way you do not add a list of roles in the Authorize attribute, but instead you have 1 role, equal to the access level. Commented May 10, 2016 at 9:29

2 Answers

2

You can configure authorization policies, which means grouping roles into policies.

ASP.NET Core example:

    services.AddAuthorization(options =>
    {
        // Each policy lists the roles that satisfy it.
        options.AddPolicy("Role1", policy => policy.RequireRole("Role1"));
        options.AddPolicy("Role2", policy => policy.RequireRole("Role1", "Role2"));
        options.AddPolicy("Role3", policy => policy.RequireRole("Role1", "Role2", "Role3"));
    });

And use your policies in your controllers with an authorize attribute:

[Authorize(Policy = "Role3")] 

1

I have solved it in the following way:

AuthorizeRoleAttribute.cs

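    using System;
    using System.Collections.Generic;

    // AuthorizeAttribute comes from the MVC framework in use.
    public class AuthorizeRoleAttribute : AuthorizeAttribute
    {
        public AuthorizeRoleAttribute(string role) : base()
        {
            // Numeric level of the requested role; Enum.Parse throws on an unknown name.
            int code = (int)(RolesEnum)Enum.Parse(typeof(RolesEnum), role);

            // Collect every role whose level is equal to or higher than the requested one.
            List<string> list = new List<string>();
            foreach (RolesEnum item in Enum.GetValues(typeof(RolesEnum)))
            {
                if ((int)item >= code)
                {
                    list.Add(item.ToString());
                }
            }

            // AuthorizeAttribute.Roles expects a comma-separated list of role names.
            Roles = string.Join(",", list);
        }
    }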

Role ENUM:

    public enum RolesEnum
    {
        User = 100,
        Supervisor = 200,
        Administration = 300,
        Admin = 400
    }

Controller:

    [AuthorizeRole("Supervisor")]
    // Some code

The controller will automatically look up what roles have more or equal access to supervisor by the number in the Enum.

1 Comment

If you wanted additional safety, turn that string into an enum parameter in the constructor: AuthorizeRoleAttribute(RolesEnum role) : base(). Then you apply it as [AuthorizeRole(RolesEnum.Supervisor)]. Now you do not have to worry about spelling mistakes.
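Added example, not part of the original posts: the role expansion from the second answer, written to fail closed. Enum.Parse also accepts numeric strings such as "250" and comma-separated names such as "User,Admin" (ORed to 500, which matches no role), and an empty Roles string makes AuthorizeAttribute require only authentication. `RoleHierarchy` and `AtLeast` are hypothetical names, and the rejected inputs in `Main` are constructed.

```csharp
using System;
using System.Linq;

public enum RolesEnum { User = 100, Supervisor = 200, Administration = 300, Admin = 400 }

public static class RoleHierarchy // hypothetical helper, not from the answers
{
    // Returns the comma-separated role list for "minimum role or higher".
    public static string AtLeast(RolesEnum minimum)
    {
        // Reject values with no named member, e.g. (RolesEnum)250 or (RolesEnum)500.
        if (!Enum.IsDefined(typeof(RolesEnum), minimum))
            throw new ArgumentOutOfRangeException(nameof(minimum), minimum, "Not a defined role.");
        string[] allowed = Enum.GetValues(typeof(RolesEnum))
            .Cast<RolesEnum>()
            .Where(r => (int)r >= (int)minimum)
            .Select(r => r.ToString())
            .ToArray();

        // Cannot be empty once IsDefined has passed; kept as a guard because an
        // empty Roles string would drop the role restriction entirely.
        if (allowed.Length == 0)
            throw new InvalidOperationException("Role expansion produced no roles.");
        return string.Join(",", allowed);
    }

    // String overload for callers that still pass role names.
    public static string AtLeast(string roleName)
    {
        // TryParse only rejects unknown names; "250" and "User,Admin" parse
        // successfully and are rejected by the IsDefined check above.
        if (!Enum.TryParse(roleName, ignoreCase: false, out RolesEnum parsed))
            throw new ArgumentException("Unknown role name: " + roleName, nameof(roleName));
        return AtLeast(parsed);
    }
}

public static class Program
{
    public static void Main()
    {
        Console.WriteLine(RoleHierarchy.AtLeast("Supervisor"));
        foreach (string bad in new[] { "Supervisr", "250", "User,Admin" }) // constructed inputs
        {
            try { Console.WriteLine(RoleHierarchy.AtLeast(bad)); }
            catch (ArgumentException e) { Console.WriteLine("rejected '" + bad + "': " + e.GetType().Name); }
        }
    }
}
```

In the attribute constructor, the result would be assigned to `Roles`, so a bad argument throws when the attribute is constructed instead of producing an unrestricted action.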
