Hi -
I have an angularjs and web api application. I'd like to do one of two things or figure out how to do both. My application users need to register/login to view the rest of the page data. This part works fine. But I'd like more specifically to allow only admins or specific users to access more sensitive data. I have decorated my class with the
[Authorize]
attibute which forces the user to log in or register. I then took it one step further for
[Authorize(Users="tbryant")]
which worked as expected for different users logging in. I then tried the tbryant user and was not allowed in. In my AspNetUserRoles table tbryant is a user name. Where or what else do I need to do in order for that role to be granted access?
here is the full sample code I was working with to figure it out
[RoutePrefix("api/Orders")]
public class OrdersController : ApiController
{
[Authorize(Users="tbryant")]
[Route("")]
public IHttpActionResult Get()
{
return Ok(Order.CreateOrders());
}
}
public class Order
{
public int OrderID { get; set; }
public string CustomerName { get; set; }
public string ShipperCity { get; set; }
public Boolean IsShipped { get; set; }
public static List<Order> CreateOrders()
{
List<Order> OrderList = new List<Order>
{
new Order {OrderID = 10248, CustomerName = "Taiseer Joudeh", ShipperCity = "Amman", IsShipped = true },
new Order {OrderID = 10249, CustomerName = "Ahmad Hasan", ShipperCity = "Dubai", IsShipped = false},
new Order {OrderID = 10250,CustomerName = "Tamer Yaser", ShipperCity = "Jeddah", IsShipped = false },
new Order {OrderID = 10251,CustomerName = "Lina Majed", ShipperCity = "Abu Dhabi", IsShipped = false},
new Order {OrderID = 10252,CustomerName = "Yasmeen Rami", ShipperCity = "Kuwait", IsShipped = true}
};
return OrderList;
}
}
Thanks
Troy
What I have tried:
[Authorize]
[Authorize(Users="tbryant")]