Asp .Net Mvc [Authorize] over Wcf – Role Check

In ASP.NET MVC you can attach various attributes to controller actions. One of them is Authorize, which is used to manage access.

        // Action from the post: it only runs for an authenticated user. "_service"
        // and "UserName" are the controller's own members and are not shown here.
        [Authorize]
        public ActionResult Index()
        {
            var profile = _service.GetByName(UserName);

            return RedirectToAction("Details", new { id = profile.ID });
        }

In this example, every time a user runs the Index action, AuthorizeCore in the Authorize class performs these checks, in this order:

  1. Check that the user is logged in.
    • if (!user.Identity.IsAuthenticated)
      {
              return false;
      }
  2. If the Users parameter is set, check that the user's name is in that comma-separated list (compared case-insensitively).
    • you can set the usernames parameter:
      • [Authorize(Users="Mike,Tim")]
  3. If the Roles parameter is set, check that the user is in at least one of the roles listed in the parameter.
    • [Authorize(Roles="admin")]
    • the role check looks like this (decompiled form):
    • if (!Enumerable.Any<string>(roles, new Func<string, bool>(user.IsInRole)))
      {
              return false;
      }
In my scenario I have a database with all the data required for the membership provider on another server. Simple methods like ValidateUser are on the wire. The default Authorize class uses user.IsInRole, which needs a "local" role provider. With the DB behind the service layer it won't work at all. I launched ILSpy and did a little research.

It turns out that AuthorizeAttribute is not sealed and its methods (AuthorizeCore, OnAuthorization, HandleUnauthorizedRequest, OnCacheAuthorization) are virtual, so you can override them. AuthorizeCore is the right seam: OnAuthorization still runs first, calls AuthorizeCore, and registers the output-cache validation callback that re-runs AuthorizeCore before a cached response is served, so a page cached for one user is not handed to another user who fails the check.

So here is my implementation of the Authorize class over WCF. The most important part is the call service.IsUserInRoles(name, roles): the service checks the roles through WCF and returns a boolean value.

    using System;
    using System.Linq;
    using System.Security.Principal;
    using System.Web;
    using System.Web.Mvc;

    public class AuthorizeAttributeWCF : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }
            IPrincipal user = httpContext.User;
            if (!user.Identity.IsAuthenticated)
            {
                return false;
            }
            // Users is a comma-separated whitelist of names, compared case-insensitively,
            // exactly as in the stock attribute.
            if (this.Users.Length > 0 && !this.Users.Split(',').Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase))
            {
                return false;
            }
            if (this.Roles.Length > 0)
            {
                // Role membership lives behind the WCF service, so ask it instead of
                // IPrincipal.IsInRole, which would need a RoleProvider on this box.
                // Note: unlike the stock attribute, this Split does not trim, so
                // write Roles="admin,editor" without spaces after the commas.
                string[] roles = this.Roles.Split(',');
                var service = new ProfileService.ProfileServiceClient();
                try
                {
                    bool inRole = service.IsUserInRoles(user.Identity.Name, roles);
                    service.Close();
                    return inRole;
                }
                catch
                {
                    // A faulted channel cannot be Close()d (and must not be disposed
                    // with "using"); Abort() it and let the error propagate.
                    service.Abort();
                    throw;
                }
            }
            return true;
        }
    }

Method used in my service (the IsUserInRoles operation the attribute calls). Note that this operation answers for any user name the caller supplies, so the WCF endpoint must authenticate the MVC front end (for example, transport security with Windows or certificate credentials); otherwise anyone who can reach the service can probe role membership.

        // Service-side operation. Roles.IsUserInRole comes from System.Web.Security
        // and uses the RoleProvider configured on the service host, which is where
        // the membership database lives. Needs using System.Linq;
        public bool IsUserInRoles(string userName, string[] roles)
        {
            // True if the user holds at least one of the requested roles.
            return roles.Any(role => Roles.IsUserInRole(userName, role));
        }
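The attribute and the service method above, put together as an added example that is not the post's own code: the same three checks in the stock order (authenticated, then Users, then Roles), but the role lookup goes through a hypothetical IRoleService seam instead of a ProfileServiceClient created inside the attribute, so a faulted or unreachable service fails closed and the whole thing can be exercised with a fake HttpContextBase and a fake service outside IIS. AuthorizeOverService, IRoleService, ServiceFactory, FakeRoleService, FakeContext, the Demo class and the user names and roles in it are all constructed for this example; it needs references to System.Web and System.Web.Mvc.

```csharp
using System;
using System.Collections;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Hypothetical seam over the WCF client: the generated ProfileServiceClient
// would implement it in the real site; the demo below substitutes a fake.
public interface IRoleService
{
    bool IsUserInRoles(string userName, string[] roles);
}

public class AuthorizeOverService : AuthorizeAttribute
{
    // Assumed wiring: set once at startup to hand out a fresh WCF client per call.
    public static Func<IRoleService> ServiceFactory;

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        IPrincipal user = httpContext.User;
        // Stock order: authenticated, then Users, then Roles, so anonymous callers
        // and users outside the Users list never cause a round trip.
        if (user == null || !user.Identity.IsAuthenticated) return false;
        string[] users = SplitList(Users);
        if (users.Length > 0 && !users.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase)) return false;
        string[] roles = SplitList(Roles);
        if (roles.Length == 0) return true;
        try
        {
            return ServiceFactory().IsUserInRoles(user.Identity.Name, roles);
        }
        catch (Exception)
        {
            // Fail closed: an unreachable or faulted role service grants nothing; log it here.
            return false;
        }
    }

    // Trim entries so "admin, editor" works like "admin,editor", as the stock
    // attribute's own SplitString does.
    private static string[] SplitList(string list)
    {
        return (list ?? "").Split(',').Select(s => s.Trim()).Where(s => s.Length > 0).ToArray();
    }
}

// In-memory stand-ins, constructed for this example, so the attribute runs
// outside IIS and without a live ProfileService.
class FakeRoleService : IRoleService
{
    public int Calls;
    public bool IsUserInRoles(string userName, string[] roles)
    {
        Calls++;
        string[] have = userName.Equals("mike", StringComparison.OrdinalIgnoreCase) ? new[] { "admin" } : userName.Equals("tim", StringComparison.OrdinalIgnoreCase) ? new[] { "editor" } : new string[0];
        return roles.Any(r => have.Contains(r, StringComparer.OrdinalIgnoreCase));
    }
}

class FakeContext : HttpContextBase
{
    readonly IPrincipal _user;
    readonly IDictionary _items = new Hashtable();
    // An empty identity name makes GenericIdentity report IsAuthenticated == false.
    public FakeContext(string name, bool authenticated)
    {
        _user = new GenericPrincipal(new GenericIdentity(authenticated ? name : ""), new string[0]);
    }
    public override IPrincipal User { get { return _user; } set { } }
    public override IDictionary Items { get { return _items; } }
}

static class Demo
{
    // AuthorizeCore is protected; expose it for the walkthrough.
    class Probe : AuthorizeOverService { public bool Check(HttpContextBase c) { return AuthorizeCore(c); } }

    static void Expect(bool condition, string what)
    {
        if (!condition) throw new Exception("expected: " + what);
        Console.WriteLine("ok: " + what);
    }

    static void Main()
    {
        var fake = new FakeRoleService();
        AuthorizeOverService.ServiceFactory = () => fake;
        var staff = new Probe { Roles = "admin, editor" };
        Expect(!staff.Check(new FakeContext("mike", false)), "anonymous caller denied");
        Expect(fake.Calls == 0, "anonymous caller never reaches the service");
        Expect(staff.Check(new FakeContext("mike", true)), "mike is admin");
        Expect(staff.Check(new FakeContext("tim", true)), "tim is editor (role list was trimmed)");
        var onlyTim = new Probe { Users = "Tim", Roles = "admin" };
        Expect(!onlyTim.Check(new FakeContext("mike", true)), "Users list rejects mike");
        Expect(fake.Calls == 2, "Users mismatch does not hit the service");
        AuthorizeOverService.ServiceFactory = () => { throw new InvalidOperationException("endpoint down"); };
        Expect(!staff.Check(new FakeContext("mike", true)), "service outage fails closed");
    }
}
```

The factory is the only change in shape from the post's attribute: because the client is obtained per check rather than constructed inside AuthorizeCore, the same class is used in production (factory returns a ProfileServiceClient) and in the walkthrough (factory returns the fake), and the fail-closed branch can be exercised by making the factory throw.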