Discovering AuthorizeAttribute role names

The AuthorizeAttribute is used in ASP.NET code to decorate controller classes and methods which require authorization, e.g.

[Authorize(Roles =“admin”)]

public class HomeController : Controller

{

Meaning that to call any method in this class, the user needs to have a role claim with the value ‘admin’.

With many controllers and methods the number of roles used and their assignment to methods may become an administrative issue. It may not be easily discoverable what is the complete list of roles the application uses or what is the complete set of methods enabled by a role. A small console application I wrote may thus become handy: https://github.com/mrochon/ASPNETRoleDiscovery.

Use the file-open dialog displayed by the application to open the assembly (dll) of your ASP.NET application. Your assembly must be in the directory to which it was compiled since the console application will need to load other assemblies your application references. It will look for them in the same directory.

The current output of the console application consists of a CSV and Json listing. The CSV file lists all uses of a role, in classes or methods. The Json fragment can be used to modify the web application’s manifest in the Azure AD to enable RBAC for the application. Example of output:

ClassName, MethodName, RoleName
WebApplication2.Controllers.AccountController,SignIn,admin
WebApplication2.Controllers.AccountController,SignIn, abc
WebApplication2.Controllers.HomeController,*,admin
WebApplication2.Controllers.HomeController,About,admin
WebApplication2.Controllers.HomeController,About, clerk
———————————
“appRoles”: [
{
“allowedMemberTypes”: [
“Application”,
“User”
],
“description”: “<some description>”,
“displayName”: “admin”,
“id”: “20d97248-94be-49be-8568-9ad8fd33fe4b”,
“isEnabled”: true,
“value”: “admin”
}
{
“allowedMemberTypes”: [
“Application”,
“User”
],
“description”: “<some description>”,
“displayName”: ” abc”,
“id”: “e0aa5b8c-a7dd-4611-a0e9-27845e95fb1c”,
“isEnabled”: true,
“value”: ” abc”
}
{
“allowedMemberTypes”: [
“Application”,
“User”
],
“description”: “<some description>”,
“displayName”: ” clerk”,
“id”: “374ae2fb-d4e0-4b55-8535-ccbd42d44bb5”,
“isEnabled”: true,
“value”: ” clerk”
}
],