Discovering AuthorizeAttribute role names
In this post, Senior Consultant, Marius Rochon showcases how to discover ‘AuthorizeAttribute’ role names.
The AuthorizeAttribute is used in ASP.NET code to decorate controller classes and methods which require authorization, e.g.
public class HomeController : Controller
Meaning that to call any method in this class, the user needs to have a role claim with the value ‘admin’. With many controllers and methods the number of roles used and their assignment to methods may become an administrative issue. It may not be easily discoverable what is the complete list of roles the application uses or what is the complete set of methods enabled by a role.