I wondered if/how I can override the default [Authorize] behavior in ASP.NET MVC. I know that I can create a new Action Filter, make my own attribute and so forth; I am merely interested if I can simply change the [Authorize] behavior and replace its workings with my own code?
Edit: Guys and Girls. I appreciate your input but as I wrote, I am not looking to introduce a new [XYZAuthorize] Attribute. I'm aware of how to do this. I want to keep the [Authorize] notation but just change how it works.
.net - Override Authorize Attribute in ASP.NET MVC - Stack Overflow.
If a user is not authenticated, or doesn't have the required user name and role, then the Authorize attribute prevents access to the method and redirects the user to the login URL. When both Roles and Users are set, the effect is combined and only users with that name and in that role are authorized.
Authorization is a security mechanism used to determine whether the user has access to a particular resource or not. The main point to remember is that authentication happens first, and only then authorization.
Can We Override Default Method in Java? A default method in Java is a method defined inside an interface with the keyword default. It is a type of non-abstract method. It adds backward compatibility, so that old interfaces can gain the lambda expression capability.
If a class implements more than one interface and those interfaces declare a default method with the same name and the same structure, the class must override that default method; otherwise it will result in an error.
ASP.NET MVC offers only three attributes that provide some control over whether a model’s properties are rendered to the scaffolded views (see Figure A). The first two attributes do the same thing (although they reside in different namespaces): [Editable(false)] and [ReadOnly(true)].
You can subclass the AuthorizeAttribute filter and put your own logic inside it.
Let's see an example. Let's say you want to always authorize local connections. However, if it is a remote connection, you would like to keep the usual authorization logic.
You could do something like:
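using System.Web;
using System.Web.Mvc;

public class LocalPermittedAuthorizeAttribute : AuthorizeAttribute
{
    // Allow local requests outright; otherwise fall back to the standard [Authorize] checks.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return httpContext.Request.IsLocal || base.AuthorizeCore(httpContext);
    }
}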
Or you could always authorize a certain remote address (your machine, for example).
That's it!
Edit: forgot to mention, you will use it the same as you would use the AuthorizeAttribute filter:
public class MyController : Controller
{
    [LocalPermittedAuthorize]
    public ActionResult Fire()
    {
        Missile.Fire(DateTime.Now);
        return new EmptyResult(); // an action declared as ActionResult must return a result
    }
}
Yes, take a look at the MSDN docs for AuthorizeAttribute: http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx.
Basically, you can override the OnAuthorization() method and customize the behavior. There are other virtual methods on the attribute as well.
EDIT: As Bruno pointed out, you can override the AuthorizeCore() method. The main difference being that AuthorizeCore() takes an HttpContextBase, while OnAuthorization() takes an AuthorizationContext. An instance of AuthorizationContext provides you with more information, such as the Controller, the RequestContext and the RouteData. It also lets you specify an ActionResult.
AuthorizeCore() is more restricted in the information you can access as well as the result you can return, but if you need to authorize cached data, then your logic needs to handle the case where you don't have any of that extra data (since data is served from the cache before the request is routed through the MVC pipeline).
As always, you need to understand your scenario and the available tools and trade-offs between them.
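Added example, not part of either answer above: a sketch of how the split described in the second answer can look in one attribute, with the allow/deny decision in AuthorizeCore() (which also runs for output-cached responses) and the choice of response in HandleUnauthorizedRequest(), one of the other virtual methods. The class name TrustedAddressAuthorizeAttribute and the sample address are hypothetical.

```csharp
using System;
using System.Net;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute name; the address below is a constructed sample value.
public class TrustedAddressAuthorizeAttribute : AuthorizeAttribute
{
    private static readonly IPAddress Trusted = IPAddress.Parse("192.0.2.10");

    // The base class calls this for normal requests and again from
    // OnCacheAuthorization for output-cached responses, so it may rely
    // only on what HttpContextBase offers (no controller or route data).
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // UserHostAddress is the TCP peer. Behind a reverse proxy or load
        // balancer it is the proxy's address (and Request.IsLocal can be true
        // for every request), so this check only makes sense when the
        // application sees client connections directly.
        IPAddress remote;
        bool fromTrusted =
            IPAddress.TryParse(httpContext.Request.UserHostAddress, out remote)
            && remote.Equals(Trusted);

        // Anything else goes through the usual Users/Roles logic.
        return fromTrusted || base.AuthorizeCore(httpContext);
    }

    // Called by OnAuthorization when AuthorizeCore returns false. The full
    // AuthorizationContext is available here, so the ActionResult can be chosen.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated)
        {
            // Signed in but not permitted: answer 403 instead of sending
            // the user back to the login page.
            filterContext.Result = new HttpStatusCodeResult(403);
        }
        else
        {
            // Default behaviour: 401 result, which leads to the login redirect.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}
```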