June 2009 Entries
With ASP.Net MVC, you can easily use AuthorizeAttribute to control access to controllers and actions. I found it limiting within the context of Windows Authentication. First, I wanted to configure the roles outside of an attibute. Properties of AuthorizeAttribute, as with all attributes, must be set a design-time, such as [Authorize(Roles = “MyCompany\AppAdmin”)]. I want to break that out to configuration so I can have [Authorize(Roles = “Editor”)] and configure the Editor role like this EditorRole=”MyCompany\AppAd...