Discovering AuthorizeAttribute role names


In this post, Senior Consultant Marius Rochon shows how to discover ‘AuthorizeAttribute’ role names.

The AuthorizeAttribute is used in ASP.NET code to decorate controller classes and methods which require authorization, e.g.

    [Authorize(Roles = "admin")]
    public class HomeController : Controller


This means that to call any method in this class, the user needs to have a role claim with the value ‘admin’. With many controllers and methods, the number of roles used and their assignment to methods may become an administrative issue. It may not be easy to discover the complete list of roles the application uses, or the complete set of methods a role enables.
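One way to build that inventory is to reflect over the compiled assembly and collect the Roles value of every Authorize attribute. The following is an added example, not code from the original post or from Marius's blog; the stand-in attribute and controller classes, the `RoleMap` name, and the rule of finding controllers by their `Controller` name suffix are assumptions made so the sample runs on its own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Constructed stand-ins so the sample runs without an ASP.NET reference.
// The scan matches the attribute by type name, so it also finds the framework's own.
public class AuthorizeAttribute : Attribute { public string Roles { get; set; } }
public class Controller { }

[Authorize(Roles = "admin")]
public class HomeController : Controller
{
    public void Index() { }
    [Authorize(Roles = "auditor, admin")] public void Report() { }
}
public class PublicController : Controller { public void About() { } }

public static class RoleMap
{
    // Role names listed by the Authorize attributes on one type or method.
    static IEnumerable<string> RolesOn(MemberInfo member) =>
        member.GetCustomAttributes(true)
              .Where(a => a.GetType().Name == "AuthorizeAttribute")
              .Select(a => a.GetType().GetProperty("Roles")?.GetValue(a) as string)
              .Where(r => !string.IsNullOrWhiteSpace(r))
              .SelectMany(r => r.Split(','))
              .Select(r => r.Trim())
              .Where(r => r.Length > 0);

    // Role name -> "Controller.Method" entries whose class or method names that role.
    public static ILookup<string, string> Scan(Assembly asm) =>
        (from t in asm.GetTypes()
         where t.Name.EndsWith("Controller") && !t.IsAbstract
         from m in t.GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
         where !m.IsSpecialName   // skip property accessors
         from role in RolesOn(t).Concat(RolesOn(m)).Distinct()
         orderby role, t.Name, m.Name
         select new { role, action = t.Name + "." + m.Name })
        .ToLookup(x => x.role, x => x.action);

    public static void Main()
    {
        foreach (var group in Scan(Assembly.GetExecutingAssembly()))
            Console.WriteLine(group.Key + ": " + string.Join(", ", group));
    }
}
```

Stacked Authorize attributes are all enforced, while comma-separated roles inside one attribute are alternatives, so an entry shows where a role is referenced, not that the role alone is sufficient to call the method.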

Continue reading on Marius’s blog…

