This project is read-only.

Case sensitivities Issues

Feb 18, 2013 at 3:28 PM
Actions and controllers seem to be secured on a case sensitive basis.
I'm not sure this is correct.
Feb 18, 2013 at 3:57 PM
To get around this I modified ConfigurationAuthorizationProvider
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using MvcAuthorization.Configuration;
using System.Linq.Expressions;
using System.Web.Mvc;
using System.Collections.Concurrent;
using MvcAuthorization.AuthorizationDescriptors;

namespace MvcAuthorization
{
    public class ConfigurationAuthorizationProvider : AuthorizationProvider
    {
        protected override AreaAuthorizationDescriptor LoadAreaAuthorizationDescriptor(string areaName)
        {
            AreaAuthorizationConfigurationElement element = AuthorizationConfiguration.AreaMappings.Where(a => String.Equals(a.Area, (areaName ?? ""), StringComparison.OrdinalIgnoreCase)).FirstOrDefault();
            return new AreaAuthorizationDescriptor(areaName, element != null && !string.IsNullOrEmpty(element.Roles) ? element.Roles.Split(',').ToList() : null);
        }
        
        protected override ControllerAuthorizationDescriptor LoadControllerAuthorizationDescriptor(string controllerName, string areaName)
        {
            ControllerAuthorizationConfigurationElement element = AuthorizationConfiguration.AreaMappings.Where(a => String.Equals(a.Area, (areaName ?? ""), StringComparison.OrdinalIgnoreCase)).SelectMany(cm => cm.ControllerAuthorizationMappings.Where(e => String.Equals(e.Controller, controllerName, StringComparison.OrdinalIgnoreCase))).FirstOrDefault();
            //ControllerAuthorizationConfigurationElement element = AuthorizationConfiguration.ControllerMappings.Where(e => e.Controller == controllerName && e.Area == (areaName ?? "")).FirstOrDefault();
            return new ControllerAuthorizationDescriptor(controllerName, areaName, element != null && !string.IsNullOrEmpty(element.Roles) ? element.Roles.Split(',').ToList() : null);
        }

        protected override ActionAuthorizationDescriptor LoadActionAuthorizationDescriptor(string controllerName, string actionName, string areaName)
        {
            ControllerAuthorizationConfigurationElement controllerElement = AuthorizationConfiguration.AreaMappings.Where(a => String.Equals(a.Area, (areaName ?? ""), StringComparison.OrdinalIgnoreCase)).SelectMany(cm => cm.ControllerAuthorizationMappings.Where(e => String.Equals(e.Controller, controllerName, StringComparison.OrdinalIgnoreCase))).FirstOrDefault();

            if (controllerElement != null)
            {
                ActionAuthorizationConfigurationElement actionElement = controllerElement.ActionAuthorizationMappings.Where(e => String.Equals(e.Action, actionName, StringComparison.OrdinalIgnoreCase)).FirstOrDefault();
                
                if (actionElement != null && !string.IsNullOrEmpty(actionElement.Roles))
                {
                    return new ActionAuthorizationDescriptor(actionName, controllerName, areaName, actionElement.Roles.Split(',').ToList());
                }
            }

            // Null for all roles
            return new ActionAuthorizationDescriptor(actionName, controllerName, areaName, null);
        }

        #region Singleton instance for when there is no dependency resolver

        private static readonly Lazy<ConfigurationAuthorizationProvider> _instance
             = new Lazy<ConfigurationAuthorizationProvider>(() => new ConfigurationAuthorizationProvider());

        internal static ConfigurationAuthorizationProvider Instance
        {
            get
            {
                return _instance.Value;
            }
        }

        #endregion
    }
}
Apr 3, 2013 at 4:41 AM
Genial Gracias!, tuve el mismo problema y tu código funcionó bien!
Apr 3, 2013 at 8:55 AM
cperezcali wrote:
Genial Gracias!, tuve el mismo problema y tu código funcionó bien!
You're welcome!
Coordinator
Jul 18, 2013 at 4:21 AM
This is resolved in the v2 release

Thanks,
Ryan