Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

asp.net mvc Adding to the AUTHORIZE attribute

Tags:

asp.net

attributes

asp.net-mvc

How do I create a custom attribute to extend existing Authorize attribute in MVC?

like image 359
zsharp Avatar asked Feb 16 '09 18:02

zsharp

2 Answers

Derive your class from AuthorizeAttribute. Override the OnAuthorization method. Add and set up a CacheValidationHandler.

public void CacheValidationHandler( HttpContext context,
                                    object data,
                                    ref HttpValidationStatus validationStatus )
{
    validationStatus = OnCacheAuthorization( new HttpContextWrapper( context ) );
}


public override void OnAuthorization( AuthorizationContext filterContext )
{
    if (filterContext == null)
    {
        throw new ArgumentNullException( "filterContext" );
    }

    if (AuthorizeCore( filterContext.HttpContext ))
    {
       ... your custom code ...
       SetCachePolicy( filterContext );
    }
    else if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
    {
        // auth failed, redirect to login page
        filterContext.Result = new HttpUnauthorizedResult();
    }
    else
    {
       ... handle a different case than not authenticated
    }
}


protected void SetCachePolicy( AuthorizationContext filterContext )
 {
     // ** IMPORTANT **
     // Since we're performing authorization at the action level, the authorization code runs
     // after the output caching module. In the worst case this could allow an authorized user
     // to cause the page to be cached, then an unauthorized user would later be served the
     // cached page. We work around this by telling proxies not to cache the sensitive page,
     // then we hook our custom authorization code into the caching mechanism so that we have
     // the final say on whether a page should be served from the cache.
     HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
     cachePolicy.SetProxyMaxAge( new TimeSpan( 0 ) );
     cachePolicy.AddValidationCallback( CacheValidationHandler, null /* data */);
 }
like image 110
tvanfosson Avatar answered Oct 28 '22 13:10

tvanfosson

You do not need to extend this attribute, web.config is enough. Please read about forms Element for authentication. Pay your attention on defaultUrl. This is something what you need.

<system.web>
  <authentication mode="Forms">
    <forms defaultUrl="YourUrlGoesHere"/>
  </authentication>
</system.web>
like image 45
Mike Chaliy Avatar answered Oct 28 '22 12:10

Mike Chaliy
Sign in to Comment

Related questions

Redirect from asp.net page to another using javascript function
Is it possible to mix database first and code first models with entity framework?
Web Api 2 : "Sample not available"
What is Microsoft.DependencyValidation.Analyser and why does Visual Studio 2017 force install the package?
A product matching the following parameters cannot be found during VS Installation
Syntax error caused by <%@ Page Language="c#"%> ? ASP.Net
jquery ui datepicker inside asp.net UpdatePanel
How to retrieve "Last Modified Date" of uploaded file in ASP.Net
Why am I getting 404 when the route matches? ASP.Net MVC
Stop 'enter' key submitting form when using jquery ui autocomplete widget
CustomValidator ServerValidate method does not fire
Web api: The requested resource does not support http method 'GET'
Highcharts Error #16: charts not showing on the same page
How to make Json.Net skip serialization of empty collections
cannot convert from 'string' to 'System.IFormatProvider'
Could not load file or assembly System.Web.Mvc or one of its dependencies
Failed - network error when downloading excel file made by EPPlus.dll
Restrict accepted Media Types in ASP.NET Core Controller action
Webforms and jQuery, how to match the ID's?
Web User Controls and Validation

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!