
Using Action Filters on MVC C# using query String

I'm using a class named RightCheckerAttribute to check user permissions in an MVC3 application. The RightCheckerAttribute class looks like this:

    public bool isAdmin { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContextBase context = filterContext.HttpContext;

        bool result = Convert.ToBoolean(context.Request.QueryString["isAdmin"].ToString());

        if (isAdmin != result) 
        {
            RouteValueDictionary redirecttargetDictionary = new RouteValueDictionary();
            redirecttargetDictionary.Add("action", "NoPermission");
            redirecttargetDictionary.Add("controller","Singer");
            filterContext.Result = new RedirectToRouteResult(redirecttargetDictionary);

        }

        //base.OnActionExecuting(filterContext);
    }

So the method I'm applying this to has this header:

[RightChecker (isAdmin=true)]

I'm executing this method like this:

http://localhost:5576/Singer/DeleteSinger?isAdmin=true

The problem is that whether I pass true or false, I get the result variable as false, and I'm getting:

Exception[Null Object references]...

Tharindu Lakshitha asked May 15 '12 04:05



2 Answers

It seems you are not passing isAdmin=false or isAdmin=true in your query string. It works for me. However, you will need to handle the situation where you are not passing the query string parameter. Check my implementation. As mentioned in the comments section of the question, it is not secure enough to pass this through a query string.

    public class RightChecker : ActionFilterAttribute
    {
        public bool IsAdmin;

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            bool result = false;
            if (filterContext.HttpContext.Request.QueryString["isAdmin"] != null)
            {
                bool.TryParse(filterContext.HttpContext.Request.QueryString["isAdmin"].ToString(), out result);
            }

            if (IsAdmin != result)
            {
                //your implementation
            }
        }
    }

Your action method

    [RightChecker(IsAdmin=true)]
    public ActionResult AttCheck()
    {
        return View();
    }

Prashanth Thurairatnam answered Sep 22 '22 05:09


Checking rights from the query string is not really safe. You can try this: [link] "Security aware" action link?

But due to MVC 3 API changes, some code is obsolete in the ActionIsAuthorized method. You can fix it yourself; see my question asked here: [link] https://stackoverflow.com/questions/10545018/how-to-get-authorizationfilters-from-filterproviders

dfang answered Sep 21 '22 05:09
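
Both answers point out that reading `isAdmin` from the query string is not safe, because the caller chooses that value. The following is an added example, not code from the question or either answer, of the same attribute deciding from the authenticated principal instead. The role name "Admin" and the use of ASP.NET role membership are assumptions.

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Added example: the permission check uses the server-side identity,
// never request data such as ?isAdmin=true.
// Usage on an action: [RightChecker(IsAdmin = true)]
public class RightCheckerAttribute : AuthorizeAttribute
{
    // Assumption: administrators are members of a role named "Admin".
    private const string AdminRole = "Admin";

    public bool IsAdmin { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Base check: user is authenticated and matches any Users/Roles set on the attribute.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        // Role membership comes from the authenticated principal, which the client cannot edit.
        return !IsAdmin || httpContext.User.IsInRole(AdminRole);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Not logged in: keep the default behaviour (HTTP 401, which forms authentication turns into a login redirect).
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // Logged in but lacking the role: same redirect target as in the question.
        var target = new RouteValueDictionary
        {
            { "controller", "Singer" },
            { "action", "NoPermission" }
        };
        filterContext.Result = new RedirectToRouteResult(target);
    }
}
```

Deriving from `AuthorizeAttribute` rather than `ActionFilterAttribute` makes the check run as an authorization filter, before action filters and before the action itself, and lets the framework keep it in force for output-cached responses.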