Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Overriding AuthorizeAttribute in MVC 4

Tags:

asp.net-mvc

asp.net-mvc-3

asp.net-mvc-4

In my application, I want to redirect the authorized user to update their profile page until they have provided required information. If they update profile, then the IsProfileCompleted is set to 'true' in the database.

So, I knows that this can be done by putting check condition in required action of controller. But I want to do this by customizing the AuthorizeAttribute.

I Googled and 'StackOverflowed' for information, but got confused. Please guide me.

like image 691
Mukesh Sharma Avatar asked Oct 14 '13 11:10

Mukesh Sharma

1 Answers

public class MyAuthorizeAttribute: AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var authorized = base.AuthorizeCore(httpContext);
        if (!authorized)
        {
            // The user is not authorized => no need to go any further
            return false;
        }

        // We have an authenticated user, let's get his username
        string authenticatedUser = httpContext.User.Identity.Name;

        // and check if he has completed his profile
        if (!this.IsProfileCompleted(authenticatedUser))
        {
            // we store some key into the current HttpContext so that 
            // the HandleUnauthorizedRequest method would know whether it
            // should redirect to the Login or CompleteProfile page
            httpContext.Items["redirectToCompleteProfile"] = true;
            return false;
        }

        return true;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Items.Contains("redirectToCompleteProfile"))
        {
            var routeValues = new RouteValueDictionary(new
            {
                controller = "someController",
                action = "someAction",
            });
            filterContext.Result = new RedirectToRouteResult(routeValues);
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }

    private bool IsProfileCompleted(string user)
    {
        // You know what to do here => go hit your database to verify if the
        // current user has already completed his profile by checking
        // the corresponding field
        throw new NotImplementedException();
    }
}

and then you could decorate your controller actions with this custom attribute:

[MyAuthorize]
public ActionResult FooBar()
{
    ...
}
like image 60
Darin Dimitrov Avatar answered Sep 22 '22 02:09

Darin Dimitrov
Sign in to Comment

Related questions

How to Show or hide controls based on roles - ASP.NET MVC 4 Razor
Inherited layout in ASP.NET MVC
Correct way to reference Javascript in ASP.NET MVC?
Text literal problem in MVC3 Razor view
path to file in class library
Nested layouts for MVC5
A project with an Output Type of Class Library cannot be started directly.
git and ASP MVC
appSettings and ConfigurationManager.AppSettings issue
Is ASP.net Model View Presenter worth the time?
How can I decorate my ASP.NET MVC ViewModel property to render as a textarea when using EditorForModel()
asp.net mvc file contenttype
mvc3 maxLength input
Sequence contains no elements - LINQ, MVC, Average
Re-Scaffold views after changing their model
How to create a static dropdown in Razor syntax?
How to send Json object (or string data) from Javascript xmlhttprequest to MVC Controller
Format a decimal in a view
MVC 4 Global Exception Filter how to implement?
Razor `if` does not register closing `}` if there is an opened `<table>` tag?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!