Need help with DynamicRoleBasedAuthorizationNETCore?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

mo-esmp
231 Stars 58 Forks GNU General Public License v3.0 123 Commits 2 Opened issues

Description

Dynamic Role-Based Authorization in ASP.NET Core MVC 2.1, 3.1 and 5.0

Services available

!
?

Need anything else?

Contributors list

# 198,902
C#
persian...
React
Redux
105 commits
# 609,725
C#
HTML
asp-net...
role-ba...
1 commit

Dynamic Role-Based Authorization in ASP.NET Core MVC 2.1, 3.1 and 5.0 NuGet

You already know how role-based authorization works in ASP.NET Core.

[Authorize(Roles = "Administrator")]
public class AdministrationController : Controller
{
}

But what if you don't want hardcode roles on the

Authorize
attribute or create roles later and specify in which controller and action it has access without touching source code?

DynamicAuthorization helps you authorize users without hardcoding role(s) on the

Authorize
attribute with minimum effort. DynamicAuthorization is built at the top of ASP.NET Core Identity and uses identity mechanism for managing roles and authorizing users.

Install the DynamicAuthorization.Mvc.Core NuGet package

powershell
Install-Package DynamicAuthorization.Mvc.Core
or
shell
dotnet add package DynamicAuthorization.Mvc.Core

Then, add

AddDynamicAuthorization()
to
IServiceCollection
in
Startup.ConfigureServices
method: ```csharp public void ConfigureServices(IServiceCollection services) { ... services .AddIdentity(options => options.SignIn.RequireConfirmedAccount = false) .AddEntityFrameworkStores() .AddDefaultTokenProviders();
services
    .AddDynamicAuthorization(options => options.DefaultAdminUser = "UserName")
You can set the default admin username via `DefaultAdminUser` config to access everywhere without creating a default admin role and its access.

Then install JSON or SQLSever store to save role access.

To install DynamicAuthorization.Mvc.JsonStore NuGet package

Install-Package DynamicAuthorization.Mvc.JsonStore
</pre>
<p>or
</p>
<pre>shell
dotnet add package DynamicAuthorization.Mvc.JsonStore
</pre>
```csharp
public void ConfigureServices(IServiceCollection services)
{
<pre>services
    .AddDynamicAuthorization<applicationdbcontext>(options =&gt; options.DefaultAdminUser = "UserName")
    .AddJsonStore(options =&gt; options.FilePath = "FilePath");
</applicationdbcontext></pre>
<pre>Role access will be saved in a JSON file and you can specify the file path `FilePath` config.

Or install SQLServer store _DynamicAuthorization.Mvc.MsSqlServerStore_ [NuGet package](https://www.nuget.org/packages/DynamicAuthorization.Mvc.MsSqlServerStore)
```powershell
Install-Package DynamicAuthorization.Mvc.MsSqlServerStore
</pre>
<p>or
</p>
<pre>shell
dotnet add package DynamicAuthorization.Mvc.MsSqlServerStore
</pre>
```csharp
public void ConfigureServices(IServiceCollection services)
{
<pre>services
    .AddDynamicAuthorization<applicationdbcontext>(options =&gt; options.DefaultAdminUser = "UserName")
    .AddSqlServerStore(options =&gt; options.ConnectionString = "ConnectionString");
</applicationdbcontext></pre>
<pre>
You can decorate controllers and actions with `DisplayName` attribute to show the user a more meaningful name instead of controller and action name.
```c#
[DisplayName("Access Management")]
public class AccessController : Controller
{

    // GET: Access
    [DisplayName("Access List")]
    public async Task<actionresult> Index()
}
</actionresult></pre>
<p>You can also the default UI for managing roles and assigning roles to users if you don't want to implement them by yourself.</p>

<p>Install the <em>DynamicAuthorization.Mvc.Ui</em> <a href="https://www.nuget.org/packages/DynamicAuthorization.Mvc.Ui">NuGet package</a></p>
<pre class="language-powershell">Install-Package DynamicAuthorization.Mvc.Ui
</pre>
<p>Then </p>
<pre>AddUi</pre> to DynamicAuthorization registration:
<pre>
services
        .AddDynamicAuthorization<applicationdbcontext>(options =&gt; options.DefaultAdminUser = "UserName")
        .AddJsonStore(options =&gt; options.FilePath = "FilePath")
        .AddUi();
</applicationdbcontext></pre>

<p>Use </p>
<pre>http://<your-app>/role</your-app></pre> url to manage roles and assign access to a role.

<p><img src="https://raw.githubusercontent.com/mo-esmp/DynamicRoleBasedAuthorizationNETCore/dev/assets/create-role-2.jpg" alt="create project"></p>

<p>Use </p>
<pre>http://<your-app>/userrole</your-app></pre> url to assign roles to users.

<p>You can also use a custom </p>
<pre>TageHelper</pre> to check whether the user has access to view content or not. create a custom tag helper that inherits from <pre>SecureContentTagHelper</pre>
<pre class="language-c#">[HtmlTargetElement("secure-content")]
public class MySecureContentTagHelper : SecureContentTagHelper<applicationdbcontext>
{
    public MySecureContentTagHelper(
        ApplicationDbContext dbContext,
        DynamicAuthorizationOptions authorizationOptions,
        IRoleAccessStore roleAccessStore
        )
        : base(dbContext, authorizationOptions, roleAccessStore)
    {
    }
}
</applicationdbcontext></pre>
<p>In each view wrap a content or an anchor tag inside </p>
<pre>secure-content</pre> tag:
<pre class="language-html"></pre>
<ul class="nav navbar-nav">
    <li><a asp-area="" asp-controller="Home" asp-action="Index">Home</a></li>
    <li><a asp-area="" asp-controller="Home" asp-action="About">About</a></li>
    <li><a asp-area="" asp-controller="Home" asp-action="Contact">Contact</a></li>

    <secure-content asp-area="" asp-controller="Role" asp-action="Index">
        <li><a asp-area="" asp-controller="Role" asp-action="Index">Role</a></li>
    </secure-content>
    <secure-content asp-area="" asp-controller="Access" asp-action="Index">
        <li><a asp-area="" asp-controller="Access" asp-action="Index">Access</a></li>
    </secure-content>
</ul>

<p>Don't forget to add your tag halper namespace to </p>
<pre>_ViewImports.cshtml</pre>:
<pre>cshtml
@using SampleMvcWebApp
@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
@addTagHelper *, SampleMvcWebApp
</pre>

<p>If you extended </p>
<pre>IdentityUser</pre> or you changed user and role key, you should pass user and role type too. for example:
<pre class="language-c#">public class ApplicationDbContext : IdentityDbContext<applicationuser> { ... }
public class MySecureContentTagHelper : SecureContentTagHelper<applicationdbcontext applicationuser> { ... }
</applicationdbcontext></applicationuser></pre>
<p>or</p>
<pre class="language-c#">public class ApplicationDbContext : IdentityDbContext<applicationuser applicationrole int> { ... }
public class MySecureContentTagHelper : SecureContentTagHelper<applicationdbcontext applicationuser applicationrole int> { ... }
</applicationdbcontext></applicationuser></pre>
<p>If you don't want to use the default UI, follow the below steps to discover controllers and actions and give access to the role and then assign role(s) to the user.
The next step is discovering controllers and actions. </p>
<pre>IMvcControllerDiscovery</pre> return all controllers and actions that decorated with <pre>[Authorize]</pre> attribute. <pre>IMvcControllerDiscovery.GetControllers()</pre> method returns list of  <pre>MvcControllerInfo</pre>:
<pre class="language-c#">public class MvcControllerInfo
{
    public string Id =&gt; $"{AreaName}:{Name}";

    public string Name { get; set; }

    public string DisplayName { get; set; }

    public string AreaName { get; set; }

    public IEnumerable<mvcactioninfo> Actions { get; set; }
}

public class MvcActionInfo
{
    public string Id =&gt; $"{ControllerId}:{Name}";

    public string Name { get; set; }

    public string DisplayName { get; set; }

    public string ControllerId { get; set; }
}
</mvcactioninfo></pre>
<p>The next step is creating a role to assign access to it. Use </p>
<pre>RoleManager&lt;&gt;</pre> to create role and <pre>IRoleAccessStore</pre> to store role access.
<pre class="language-c#">var role = new IdentityRole { Name = "RoleName" };
var result = await _roleManager.CreateAsync(role);

var controllers = _mvcControllerDiscovery.GetControllers();
var roleAccess = new RoleAccess
{
    Controllers = controllers.First(),
    RoleId = role.Id
};
await _roleAccessStore.AddRoleAccessAsync(roleAccess);
</pre>
<p>The final step is assigning a created role to a user:</p>
<pre class="language-c#">var user = await _userManager.FindByIdAsync("someId");
await _userManager.AddToRolesAsync(user, new [] { "RoleName" });
</pre>
<p>And now the user only can access those controllers and actions that his roles can access.</p>

<p>Here is an example to create a role and assign access to the role.
```c#
public class RoleViewModel
{
    [Required]
    [StringLength(256, ErrorMessage = "The {0} must be at least {2} characters long.")]
    public string Name { get; set; }</p>
<pre>public IEnumerable<mvccontrollerinfo> SelectedControllers { get; set; }
</mvccontrollerinfo></pre>
<p>}</p>

<p>[DisplayName("Role Management")]
public class RoleController : Controller
{
    private readonly IMvcControllerDiscovery _mvcControllerDiscovery;
    private readonly IRoleAccessStore _roleAccessStore;
    private readonly RoleManager<identityrole> _roleManager;</identityrole></p>
<pre>public RoleController(
    IMvcControllerDiscovery mvcControllerDiscovery,
    IRoleAccessStore roleAccessStore,
    RoleManager<identityrole> roleManager
    )
{
    _mvcControllerDiscovery = mvcControllerDiscovery;
    _roleManager = roleManager;
    _roleAccessStore = roleAccessStore;
}

// GET: Role/Create
[DisplayName("Create Role")]
public ActionResult Create()
{
    var controllers = _mvcControllerDiscovery.GetControllers();
    ViewData["Controllers"] = controllers;

    return View();
}

// POST: Role/Create
[HttpPost, ValidateAntiForgeryToken]
public async Task<actionresult> Create(RoleViewModel viewModel)
{
    if (!ModelState.IsValid)
    {
        ViewData["Controllers"] = _mvcControllerDiscovery.GetControllers();
        return View(viewModel);
    }

    var role = new IdentityRole { Name = viewModel.Name };
    var result = await _roleManager.CreateAsync(role);

    if (!result.Succeeded)
    {
        foreach (var error in result.Errors)
            ModelState.AddModelError("", error.Description);

        ViewData["Controllers"] = _mvcControllerDiscovery.GetControllers();
        return View(viewModel);
    }

    if (viewModel.SelectedControllers != null &amp;&amp; viewModel.SelectedControllers.Any())
    {
        foreach (var controller in viewModel.SelectedControllers)
            foreach (var action in controller.Actions)
                action.ControllerId = controller.Id;

        var roleAccess = new RoleAccess
        {
            Controllers = viewModel.SelectedControllers.ToList(),
            RoleId = role.Id
        };
        await _roleAccessStore.AddRoleAccessAsync(roleAccess);
    }

    return RedirectToAction(nameof(Index));
}
</actionresult></identityrole></pre>
<p>}

Checkout samples to view full implementation.

To implement DynamicAuthorization step by step by yourself checkout manual branch.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.