In Asp.Net MVC you can attach various attributes to the controllers actions. One of them is Authorize which is used to managed access.
In this example every time user runs the Index action Authorize class performs :
- Check if user is in list of users in the Authorize User parameter.
- you can set usernames parameter
- Check if the user is logged in.
- Check if user is atlest in one role definied in authorize parameters
- role check looks like this
In my scenario I have database with all the data required for the membership provider on another server. Simple methods like ValidateUser are on the wire. Default Authorize class uses the user.IsInRole which needs “local” role provider . With DB behind the service layer it won’t work at all. I have launched ILSpy and made a little research.
It appears that Authorize Attribute is not sealed and you can extend its behaviors. Mehods inside class are marked as virtual so you can easily override them.
So here is my implementation of Authorize class over WCV. Most important part is the call service.IsUserInroles(name). Service through WCF check the roles and return boolean value.
Method used in my service