This project is read-only.

information of why Authorization done via code and not attributes

Nov 3, 2010 at 8:26 PM


I'm walking thru the Navigation part of the system and I that authorization which is a "cross cutting concern" done via code and not via attributes.

        public ActionResult Index(NavigationManagementViewModel model) {
            if (!_services.Authorizer.Authorize(Permissions.ManageMainMenu, T("Not allowed to manage the main menu")))
                return new HttpUnauthorizedResult();
What was the reason behind this choice? I see that it's pluggable and invoked via the _services member, but isn't it possible to get this Authorizer instance from a IoC container and do it via attributes as "it should be"?