Inaccurate description of Authorize effects #34525
Description
Description
[Authorize(Roles = "Administrator, PowerUser")]
public class ControlAllPanelController : Controller
{
public IActionResult SetTime() =>
Content("Administrator || PowerUser");
[Authorize(Roles = "Administrator")]
public IActionResult ShutDown() =>
Content("Administrator only");
}
In the preceding ControlAllPanelController controller:
- Members of the Administrator role or the PowerUser role can access the controller and the ShutDown action.
- Only members of the Administrator role can access the SetTime action.
"
I'm guessing should be: (SetTime and ShutDown swapped)
"
In the preceding ControlAllPanelController controller:
- Members of the Administrator role or the PowerUser role can access the controller and the SetTime action.
- Only members of the Administrator role can access the ShutDown action.
"
Page URL
https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-9.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authorization/roles.md
Document ID
980a23e7-56e4-da94-a139-cab85135c5f7
Article author
Metadata
- ID: b3668fea-5d71-a4fc-96d1-74b53906bf25 * Service: aspnet-core* Sub-service: security