search

kristofferahl / FluentSecurity

Fluent Security configuration for ASP.NET MVC
MIT License
163 stars 47 forks source link

configuring fluent security using database table #22

Closed kketan closed 12 years ago

kketan commented 12 years ago

Hi,

I have created a table which has following structure:

CREATE TABLE [dbo].[ControllerActionRole] (

Controller nvarchar (100) NOT NULL,
[Action] nvarchar (100) NULL,
[Role]  nvarchar (50) NOT NULL

)

I am populating data in this table with the controller and action which i create in and the role which has access.

I want to use this information for configuring the policy .But I am not able to configure it as the 

             Type a = gh.GetControllerType(controllerName);

                configuration.For<a>(x => x."Action"()).DenyAuthenticatedAccess();

its dynamic type cannot be understod by For<>also method name also how can I pass the Action?

kristofferahl commented 12 years ago

I'm sorry but I don't think what you are trying to makes any sense. FluentSecurity uses a fluent interface with expression to make sure your configuration is in sync with the names of your controllers and actions. So to move away from that and back to using strings (magic) for the controllers and actions is not what you should be doing. However, I think what you are trying to do can still be done. Have a look at the following Stack Overflow question and the answer by Blowdart: http://stackoverflow.com/a/7286718/44085

Let me know if you need any more help.

kketan commented 12 years ago

Thank you Kristofferahl !!! I am a newbie to MVC .I got your point .I found a solution at http://www.ryanmwright.com/2010/04/25/dynamic-controlleraction-authorization-in-asp-net-mvc/ which is similar to one of solutions mentioned in the your suggested link. I had to remove the code which reads from web.config and query it from database instead.The derived classes ControllerAuthorizeAttribute and ActionAuthorizeAttribute overrides the method OnAuthorization inherited from AuthorizeAttribute class.The advantage on this approach is that I can build dynamic menu based on the role by having display name as one of its field in the table.

kristofferahl commented 12 years ago

Glad to hear that you found a solution thtat meets your needs! :O) I'll close this issue...