ASP.NET AuthorizeAttribute should allow both users and roles

Jul 10, 2015 at 3:06 PM
We would like to allow access to a page of our webapp to either a role or a group of users. For example, members of the group Admins should be allowed, in addition to User1 and User2 who are not members of the Admins group. Currently, the AuthorizeAttribute only looks at either roles or users, but not both.

I've added an issue here. I would be more than willing to take this one and submit a patch.