[转]How to override HandleUnauthorizedRequest in ASP.NET Core

本文转自:http://quabr.com/40446028/how-to-override-handleunauthorizedrequest-in-asp-net-core

I'm migrating my project to asp.net core and I'm stuck in migrating my CustomAuthorization attribute for my controllers. Here is my code.

public class CustomAuthorization : AuthorizeAttribute
{
    public string Url { get; set; }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new RedirectResult(Url + "?returnUrl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
        }
        else if (!Roles.Split(',').Any(filterContext.HttpContext.User.IsInRole))
        {
            filterContext.Result = new ViewResult
            {
                ViewName = "AcessDenied"
            };
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

then i used it to my controllers

[CustomAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]
public abstract class AdminController : Controller { }

so, basically i can use it to redirect to different login page when roles is not met. I have few areas and each of them have different login page. I tried using the CookieAuthenticationOptions like this

services.Configure<CookieAuthenticationOptions>(options =>
{
    options.AuthenticationScheme = "Admin";
    options.LoginPath = "/Admin/Account/Login";
});

then on my admin controller

[Area("Admin")]
[Authorize(ActiveAuthenticationSchemes = "Admin", Roles = "Admin")]

but after i login, it still cant get in.

1 answer

  • answered 2016-11-06 13:17 Darkonekt

    I am doing something similar in one of my projects.  This answer is NOT using AuthorizeAttribute; but it might help some one landing here from a google search. In my case I am using it to authorize based on custom logic.

    First my custom attribute class:

    public class CustomAuthorizationAttribute : ActionFilterAttribute
{
    private readonly IMyDepedency _dp;
    public CustomAuthorizationAttribute(IMyDepedency dp)
    {
        _dp = dp;
    }
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        var isValid = false;
       //write my validation and authorization logic here 
        if(!isValid)
        {
            var unauthResult = new UnauthorizedResult();

            context.Result = unauthResult;                
        }

        base.OnActionExecuting(context);
    }
}

    I decorate my controllers like this:

    [ServiceFilter(typeof (CustomAuthorizationAttribute))]

    Then in my Startup class

    public void ConfigureServices(IServiceCollection services)
{
     // Add framework services.
     services.AddMvc();

   // my other stuff that is not relevant in this post

     // Security
     services.AddTransient<CustomAuthorizationAttribute>();
 }

 

posted on 2017-01-07 14:08  freeliver54  阅读(867)  评论(0编辑  收藏  举报

导航