current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Code Review Stack Exchange is a question and answer site for peer programmer code reviews. It's 100% free, no registration required.
up vote 2 down vote favorite

What can be the best way to implement custom authorization attribute in MVC 3 using claims?

For example we have claims:

public static class OrderClaims
{
        public static Claim Create = new Claim(ClaimTypes.Create, Resources.Order, Rights.PossessProperty);
        public static Claim Read = new Claim(ClaimTypes.Read, Resources.Order, Rights.PossessProperty);
        public static Claim Update = new Claim(ClaimTypes.Update, Resources.Order, Rights.PossessProperty);
        public static Claim Delete = new Claim(ClaimTypes.Delete, Resources.Order, Rights.PossessProperty);
}

The ClaimTypes class:

public static class ClaimTypes
{
    public const string Create = "http://schemas.testsite.com/2012/01/claims/create";
    public const string Read = "http://schemas.testsite.com/2012/01/claims/read";
    public const string Update = "http://schemas.testsite.com/2012/01/claims/update";
    public const string Delete = "http://schemas.testsite.com/2012/01/claims/delete";

}

and Resources:

public static class Resources
{
    public const string Orders = "http://schemas.testsite.com/2012/01/resources/orders";
    public const string Customers = "http://schemas.testsite.com/2012/01/resources/customers";
}

The first way to implement authorization attribute that I thought of is add 2 string properties to ClaimAuthorizeAttribute class:

public class ClaimAuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
    public string ClaimType {get;set;}
    public string Resource {get;set;}
}

and apply this attribute to controller/action:

[ClaimAuthorizeAttribute(ClaimType = ClaimTypes.Create, Resource = Resources.Orders)]
public ActionResult CreateOrder()
{
    ...
}

the second way I thought of was to add one attribute of type Claim, so the action attribute will look like this one:

[ClaimAuthorizeAttribute(Claim = OrderClaims.Create)]
public ActionResult CreateOrder()
{
    ...
}

but that'll give compiler error (An attribute argument must be a constant expression...).

How would You implement claims authorization in MVC 3?

share|improve this question

closed as off-topic by Jamal Jun 22 '14 at 20:12

This question appears to be off-topic. The users who voted to close gave this specific reason:

  • "Questions containing broken code or asking for advice about code not yet written are off-topic, as the code is not ready for review. Such questions may be suitable for Stack Overflow or Programmers. After the question has been edited to contain working code, we will consider reopening it." – Jamal
If this question can be reworded to fit the rules in the help center, please edit the question.
    
WIF's ClaimsAuthorizationManager seems like an interesting place to possibly try something more centralized for this: msdn.microsoft.com/en-us/library/ee748497.aspx –  WorldMaker Oct 4 '12 at 0:34

Browse other questions tagged or ask your own question.