
I am doing this in order to authorize users:

// Access is limited to the user names listed in Users (a comma-separated list).
// The list is a literal on the attribute, so changing who may enter means rebuilding the application.
[Authorize(Users = "user1, user2, user3")]
public class MyController : Controller
{
    // my stuff
}

I want to authorize against the list of users stored in a database table instead.

dirghayu

2 Answers


This is how I got it done:

Create a new class (which inherits from AuthorizeAttribute class).

// Deriving from the MVC AuthorizeAttribute keeps this class an authorization filter.
// NOTE(review): one attribute instance can serve many requests, so keep per-request
// data in locals rather than in instance fields.
public class CustomAuthorizeAttribute : AuthorizeAttribute

Override the AuthorizeCore method (in CustomAuthorizeAttribute class) and include your custom logic in it.

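/// <summary>
/// Decides whether the current request may proceed. Denies by default: the result
/// is true only after the custom check has positively matched the caller.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns>true if the caller is authorized; otherwise false.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Fail closed when there is no request context or no authenticated identity.
    // An anonymous caller has an empty Identity.Name and should never reach the lookup.
    if (httpContext == null
        || httpContext.User == null
        || httpContext.User.Identity == null
        || !httpContext.User.Identity.IsAuthenticated)
    {
        return false;
    }

    bool isUserAuthorized = false;
    // custom logic goes here
    // Take the caller's name from httpContext.User.Identity.Name and look it up in the
    // database table of permitted users (parameterized query or ORM, never string-built SQL).
    // Set isUserAuthorized to true only when the stored entry matches; if the lookup
    // fails, leave it false so an error never grants access.
    // Keep everything in locals: do not store per-request data in fields of the attribute.

    return isUserAuthorized;
}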

Decorate your controller action method with the attribute that you just created.

// The authorization filter runs before the action body executes.
// Placing [CustomAuthorize] on the controller class instead covers every action in it,
// so a newly added action is not left unprotected by omission.
[CustomAuthorize]
public ActionResult DoSomething(string something, string someOtherThing)

This link from Gotalove is helpful. Try the following:

"using the link shared by @VikasRana http://www.codeproject.com/Articles/578374/AplusBeginner-splusTutorialplusonplusCustomplusF

I got rid of my enum Role and my method

// Role-list constructor that the quoted author removed; its body is elided in the post.
public CustomAuthorizeAttribute(params object[] roles)
{ ...}

I then changed Role in my model to be a string e.g. User.Role="Admin" instead of int. In my onAuthorization method I changed it to:

/// <summary>
/// Runs the base authorization check, then turns a failed check into a redirect to the
/// login page with an explanatory message stored in TempData["ErrorDetails"].
/// </summary>
/// <param name="filterContext">Authorization context of the current request.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // The base filter runs first; its verdict is read back from filterContext.Result below.
    base.OnAuthorization(filterContext);

    string errorDetails;
    if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
    {
        // Anonymous caller.
        errorDetails = "You must be logged in to access this page";
    }
    else if (filterContext.Result is HttpUnauthorizedResult)
    {
        // Authenticated caller that the base check rejected.
        errorDetails = "You don't have access rights to this page";
    }
    else
    {
        // Authorized: leave the result untouched so the action runs.
        return;
    }

    // Both failure cases end at the login page, including the caller who is already
    // logged in but lacks rights; only the message differs.
    filterContext.Controller.TempData["ErrorDetails"] = errorDetails;
    filterContext.Result = new RedirectResult("~/User/Login");
}

and in my global.asax added this.

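/// <summary>
/// Once forms authentication has accepted the request, replaces the current principal with
/// one that carries the roles stored for that user in the database.
/// </summary>
/// <remarks>
/// This handler runs for every authenticated request, so each one costs a database lookup.
/// If the ticket cannot be read, the user row is missing, or the lookup throws, the principal
/// set by forms authentication is left in place: the caller stays authenticated but gets no
/// roles from this method. Failures are traced instead of being silently discarded.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    if (!FormsAuthentication.CookiesSupported || !Request.IsAuthenticated)
    {
        return;
    }

    var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null)
    {
        return;
    }

    try
    {
        // The user name comes from the encrypted forms ticket, not from a client-editable field.
        var ticket = FormsAuthentication.Decrypt(authCookie.Value);
        if (ticket == null)
        {
            return;
        }

        string username = ticket.Name;
        string roles;

        using (GManagerDBEntities db = new GManagerDBEntities())
        {
            User user = db.Users.SingleOrDefault(u => u.Username == username);
            if (user == null)
            {
                // A valid ticket with no matching row, for example an account removed after
                // the ticket was issued. No roles are assigned.
                // NOTE(review): consider signing the caller out here so a removed account
                // does not stay authenticated until the ticket expires.
                System.Diagnostics.Trace.TraceWarning(
                    "PostAuthenticateRequest: no user record for the authenticated ticket; roles not assigned.");
                return;
            }

            // A null Role column is treated as "no roles" rather than as an error.
            roles = user.Role ?? string.Empty;
        }

        // Roles are stored as one ';'-separated string; empty entries are dropped so that
        // an empty column does not produce a role named "".
        HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(
            new System.Security.Principal.GenericIdentity(username, "Forms"),
            roles.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries));
    }
    catch (Exception ex)
    {
        // Best effort is kept: the request continues without roles, but the failure is
        // recorded so a broken role lookup is visible to whoever operates the site.
        System.Diagnostics.Trace.TraceError(
            "PostAuthenticateRequest: role lookup failed: " + ex);
    }
}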

"

Source: Custom user authorization based with roles in asp.net mvc

PS: The same post at that link describes a second way to fix your problem, at the bottom of the post.

If this doesn't help you, you should try that one too.

Community
Márcio Gonzalez
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – emmanuel Apr 20 '15 at 16:54
  • Ok, sorry. I will include it – Márcio Gonzalez Apr 20 '15 at 16:59