Comments on: Custom Authorization With Asp.net MVC

By: Stephen

Stephen — Wed, 14 Dec 2011 23:12:03 +0000

WOW! Thank you so much for this article. This helped me SO much!

By: How do I assign a Role to an OpenId user for an ASP.NET MVC site?

How do I assign a Role to an OpenId user for an ASP.NET MVC site? — Sat, 01 Oct 2011 23:15:27 +0000

[...] stumbled across this web post about making a custom Authorize attribute. Notice how they are checking the logged in users role [...]

By: Manthan

Manthan — Mon, 26 Sep 2011 10:01:26 +0000

THANKS A LOT

This post helped me a lot..

By: Garry

Garry — Wed, 03 Aug 2011 20:30:41 +0000

@Schotime

Ah that’s right. I got my session storage and cookie storage mixed up .

By: Schotime

Schotime — Fri, 22 Jul 2011 00:31:38 +0000

@Garry,
You cannot change the session variable from the client side.
It never gets sent to the client

By: Garry

Garry — Fri, 15 Jul 2011 17:43:57 +0000

The only issue I see with this code is that couldn’t you spoof what user group you belong to by simply changing your session role variable on the client side?

If that’s the case, then would obfuscating the role session variable get around the issue by removing the predictability of your role ids?

By: Schotime

Schotime — Thu, 10 Feb 2011 08:20:21 +0000

My VS theme is based on this: http://blog.wekeroad.com/2007/10/17/textmate-theme-for-visual-studio-take-2/

The << is the shift operator.

By: asp.net mvc AuthorizeAttribute update

asp.net mvc AuthorizeAttribute update — Mon, 17 Jan 2011 21:57:51 +0000

[...] http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/ [...]

By: Dale

Dale — Thu, 06 Jan 2011 12:52:59 +0000

Hey I dig your VS color scheme can you send me a copy of the settings? Also never seen the double << whats that?

By: Schotime

Schotime — Tue, 21 Dec 2010 13:50:54 +0000

Does the Users array have any items in it?