Menu
public class CustomAuthorizeAttribute : AuthorizationFilterAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { return true;// if my current user is authorised } } Above is my CustomAuthorizeAttribute Class and
[CustomAuthorize] // both [CustomAuthorize] and [CustomAuthorizeAttribute ] I tried public class ProfileController : ApiController { //My Code.. } When I'm calling
http://localhost:1142/api/Profile It is not firing CustomAuthorizeAttribute
More over My FilterConfig class is look like below
public class FilterConfig { public static void RegisterGlobalFilters(GlobalFilterCollection filters) { filters.Add(new CustomAuthorizeAttribute()); } } Please help if I miss something.
534
To implement a custom authorization filter, we need to create a class that derives either AuthorizeAttribute , AuthorizationFilterAttribute , or IAuthorizationFilter . AuthorizeAttribute : An action is authorized based on the current user and the user's roles.
Using the [Authorize] Attribute Web API provides a built-in authorization filter, AuthorizeAttribute. This filter checks whether the user is authenticated. If not, it returns HTTP status code 401 (Unauthorized), without invoking the action.
If a user is not authenticated, or doesn't have the required user name and role, then the Authorize attribute prevents access to the method and redirects the user to the login URL. When both Roles and Users are set, the effect is combined and only users with that name and in that role are authorized.
HttpContextBase. Instead use the filter from the System.Web.Http.Filters namespace.Web API filter code: https://github.com/aspnetwebstack/aspnetwebstack/blob/master/src/System.Web.Http/Filters/AuthorizationFilterAttribute.cs
177
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
