3

On an intranet site using Windows authentication, and certain controller methods being marked with the "AuthorizeAttribute" controlling access to certain users/groups and roles, I'm trying to figure out the best way to allow "test users" to access these things.

Since <location> is off the table with MVC (security concerns), what is the best approach here?

My first thought is to implement the following:

  1. A custom config section that essentially mirrors the <authorization> section
  2. A custom attribute that inherits from "AuthorizeAttribute" which checks users against the custom config section
  3. Use config transforms to remove the custom config section for QA and Release environments

Is there an easier/better way???

2
  • 2
    Not sure I understand. Shouldn't you add test users to appropriate groups/roles and not change anything in code and configs? Commented Jan 23, 2012 at 21:06
  • In QA, it's dedicated test users, so yes, what you said. But from Debug to Staging, the test user is usually me. And I am not endowed with Domain Account Creation powers... Commented Jan 23, 2012 at 21:11

1 Answer

2

Update: What I originally wrote used the attribute syntax on a class or method, but if you are using MVC3 you can also use a global action filter (in global.asax.cs) so you only have to do it once.

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
#if DEBUG
    filters.Add(new AuthorizeAttribute() {Users="YourAccount"});
#endif
    //Your other global action filters
}

Original: You could use #if DEBUG to only add the authorization to debug code.

#if DEBUG
    [Authorize(Users = "YourAccount")]
#endif

The Authorize attribute allows multiple so you don't have to repeat your production authorized user list or use an #else.
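The custom attribute proposed in the question, combined with the `#if DEBUG` guard from the answer, could look like the following. This is an added example, not code from either poster; the class name `AuthorizeOrTestUserAttribute`, the `DebugTestUsers` appSettings key and the `Admins` role are hypothetical. It uses a single attribute because MVC requires every authorization filter that applies to an action to pass, so the test-user check is OR-ed with the normal rule inside `AuthorizeCore`.

```csharp
using System;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Added example. Usage on a controller or action:
//   [AuthorizeOrTestUser(Roles = "Admins")]        // "Admins" is a constructed role name
// web.config (Debug only; strip it with a config transform for QA/Release):
//   <add key="DebugTestUsers" value="DOMAIN\alice, DOMAIN\bob" />   // hypothetical key
public class AuthorizeOrTestUserAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Normal rule: the Users/Roles configured on this attribute.
        if (base.AuthorizeCore(httpContext)) return true;

#if DEBUG
        // Compiled only into Debug builds: a Release binary cannot honour the
        // test-user list even if the setting is left behind in web.config.
        var user = httpContext.User;
        if (user != null && user.Identity.IsAuthenticated)
            return IsTestUser(user.Identity.Name);
#endif
        return false;
    }

#if DEBUG
    // With Windows authentication, Identity.Name has the form DOMAIN\account.
    private static bool IsTestUser(string accountName)
    {
        string raw = ConfigurationManager.AppSettings["DebugTestUsers"] ?? string.Empty;
        return raw.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                  .Select(n => n.Trim())
                  .Any(n => string.Equals(n, accountName, StringComparison.OrdinalIgnoreCase));
    }
#endif
}
```

Anonymous requests are still rejected in Debug builds, because the fallback only runs for an authenticated identity whose name appears in the list.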
