Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inaccurate description of Authorize effects #34525

Closed
kennebel opened this issue Jan 20, 2025 · 0 comments · Fixed by #34537 · May be fixed by #34533
Closed

Inaccurate description of Authorize effects #34525

kennebel opened this issue Jan 20, 2025 · 0 comments · Fixed by #34537 · May be fixed by #34533
Assignees
@Rick-Anderson
Labels
aspnet-core/svc security/subsvc seQUESTered Identifies that an issue has been imported into Quest. Source - Docs.ms Docs Customer feedback via GitHub Issue

Comments

@kennebel
Copy link

kennebel commented Jan 20, 2025
edited by sequestor bot
Loading

Description

[Authorize(Roles = "Administrator, PowerUser")]
public class ControlAllPanelController : Controller
{
    public IActionResult SetTime() =>
        Content("Administrator || PowerUser");

    [Authorize(Roles = "Administrator")]
    public IActionResult ShutDown() =>
        Content("Administrator only");
}

In the preceding ControlAllPanelController controller:

  • Members of the Administrator role or the PowerUser role can access the controller and the ShutDown action.
  • Only members of the Administrator role can access the SetTime action.
    "

I'm guessing should be: (SetTime and ShutDown swapped)

"
In the preceding ControlAllPanelController controller:

  • Members of the Administrator role or the PowerUser role can access the controller and the SetTime action.
  • Only members of the Administrator role can access the ShutDown action.
    "

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-9.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authorization/roles.md

Document ID

980a23e7-56e4-da94-a139-cab85135c5f7

Article author

@Rick-Anderson

Metadata

  • ID: b3668fea-5d71-a4fc-96d1-74b53906bf25 * Service: aspnet-core* Sub-service: security

Related Issues

Associated WorkItem - 365054
@dotnetrepoman dotnetrepoman bot added aspnet-core/svc security/subsvc Source - Docs.ms Docs Customer feedback via GitHub Issue labels Jan 20, 2025
@timdeschryver timdeschryver mentioned this issue Jan 22, 2025
Open
@Rick-Anderson Rick-Anderson mentioned this issue Jan 22, 2025
Merged
@Rick-Anderson Rick-Anderson self-assigned this Jan 22, 2025
@Rick-Anderson Rick-Anderson added reQUEST Triggers an issue to be imported into Quest and removed ⌚ Not Triaged labels Jan 22, 2025
@Rick-Anderson Rick-Anderson moved this from 🔖 Ready to 👀 In review in dotnet/AspNetCore.Docs January 2025 sprint Jan 22, 2025
@dotnetrepoman dotnetrepoman bot added the mapQuest clean move label Jan 22, 2025
@dotnet-policy-service dotnet-policy-service bot removed the mapQuest clean move label Jan 22, 2025
@sequestor sequestor bot added seQUESTered Identifies that an issue has been imported into Quest. and removed reQUEST Triggers an issue to be imported into Quest labels Jan 23, 2025
@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in dotnet/AspNetCore.Docs January 2025 sprint Jan 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Rick-Anderson Rick-Anderson

Labels
aspnet-core/svc security/subsvc seQUESTered Identifies that an issue has been imported into Quest. Source - Docs.ms Docs Customer feedback via GitHub Issue
Projects
dotnet/AspNetCore.Docs January 2025 sprint
Status: Done
Milestone
No milestone
2 participants
@Rick-Anderson @kennebel