Allows the configuration of security access rules with similar functionality to the System.Web.Mvc.AuthorizeAttribute, but placed in a configuration file instead of hard-coded near the controller or actions.

<?xml version="1.0" encoding="utf-8" ?>
<Rules xmlns="">
    <!--Rule roles="*" resource=".*" permission="Allow" -->

    <Rule roles="*" resource="^MyProjectNamespace\.Controllers\.AccountController\.(LogOn|LogOff)" permission="Allow" />
    <Rule roles="Role1, Role2" resource="^MyProjectNamespace\.Controllers\.HomeController\.(Index|NotImplemented|NotAllowed)" permission="Allow" />
    <Rule roles="Administrator" resource="^.*" permission="Allow" />

The secured controller or action is determined by matching the regular expression defined in the "resource" attribute of the rule with the full action "path" calculated by the engine when an action is invoked. This "path" includes the controller's full class name, the action method name and parameters.

Last edited Mar 28, 2010 at 12:15 PM by mvitorino, version 3