This article is reposted from: http://quabr.com/40446028/how-to-override-handleunauthorizedrequest-in-asp-net-core
I'm migrating my project to asp.net core and I'm stuck in migrating my CustomAuthorization attribute for my controllers. Here is my code.
    using System;
    using System.Linq;
    using System.Web.Mvc;

    public class CustomAuthorization : AuthorizeAttribute
    {
        // Login page to redirect to when the user is not signed in.
        public string Url { get; set; }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                // Escape the original path and query so it survives as a single returnUrl value.
                filterContext.Result = new RedirectResult(Url + "?returnUrl=" + Uri.EscapeDataString(filterContext.HttpContext.Request.Url.PathAndQuery));
            }
            else if (!Roles.Split(',').Any(filterContext.HttpContext.User.IsInRole))
            {
                // Signed in, but in none of the required roles.
                filterContext.Result = new ViewResult
                {
                    ViewName = "AcessDenied"
                };
            }
            else
            {
                base.HandleUnauthorizedRequest(filterContext);
            }
        }
    }
Then I used it on my controllers:

    [CustomAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]
    public abstract class AdminController : Controller { }

So, basically I can use it to redirect to a different login page when the roles are not met. I have a few areas and each of them has a different login page. I tried using the CookieAuthenticationOptions like this:

    services.Configure<CookieAuthenticationOptions>(options =>
    {
        options.AuthenticationScheme = "Admin";
        options.LoginPath = "/Admin/Account/Login";
    });

Then on my admin controller:

    [Area("Admin")]
    [Authorize(ActiveAuthenticationSchemes = "Admin", Roles = "Admin")]

But after I log in, it still can't get in.
1 answer
- answered 2016-11-06 13:17 Darkonekt
I am doing something similar in one of my projects. This answer is NOT using AuthorizeAttribute, but it might help someone landing here from a Google search. In my case I am using it to authorize based on custom logic.
First my custom attribute class:
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Filters;

    public class CustomAuthorizationAttribute : ActionFilterAttribute
    {
        // Dependency supplied by the DI container (see ServiceFilter below).
        private readonly IMyDepedency _dp;

        public CustomAuthorizationAttribute(IMyDepedency dp)
        {
            _dp = dp;
        }

        public override void OnActionExecuting(ActionExecutingContext context)
        {
            var isValid = false;
            //write my validation and authorization logic here
            if (!isValid)
            {
                // Setting a result short-circuits the action with a 401.
                var unauthResult = new UnauthorizedResult();
                context.Result = unauthResult;
            }
            base.OnActionExecuting(context);
        }
    }

I decorate my controllers like this:

    [ServiceFilter(typeof (CustomAuthorizationAttribute))]

Then in my Startup class:

    public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        services.AddMvc();
        // my other stuff that is not relevant in this post
        // Security
        services.AddTransient<CustomAuthorizationAttribute>();
    }
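
The answer above sets its result from an action filter, which runs after authorization filters and model binding. As an added example (not code from the question or the answer), this is one way to reproduce the question's redirect-or-deny behaviour in ASP.NET Core as an authorization filter; `AreaAuthorizationAttribute` is a hypothetical name, and `HttpContext.User` is assumed to have been populated by the cookie middleware.

```csharp
// Added example, not from the original question or answer.
using System;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical name. Runs in the authorization stage, before model binding
// and action filters, so a denied request never reaches the action.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AreaAuthorizationAttribute : Attribute, IAuthorizationFilter
{
    public string Url { get; set; }     // area-specific login page
    public string Roles { get; set; }   // comma-separated; empty means any signed-in user

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User;   // assumption: set by the cookie middleware
        var request = context.HttpContext.Request;

        if (user?.Identity == null || !user.Identity.IsAuthenticated)
        {
            // PathBase + Path + QueryString is always site-relative. Escape it so
            // a query string in the original URL stays one returnUrl value.
            var returnUrl = request.PathBase + request.Path + request.QueryString;
            context.Result = new RedirectResult(
                Url + "?returnUrl=" + Uri.EscapeDataString(returnUrl));
            return;
        }

        var required = (Roles ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .ToList();

        if (required.Count > 0 && !required.Any(user.IsInRole))
        {
            // Signed in but lacking every required role: 403 with the question's view.
            context.Result = new ViewResult { ViewName = "AcessDenied", StatusCode = 403 };
        }
        // Otherwise leave context.Result unset so the pipeline continues.
    }
}
```

It is applied the same way as the original attribute, for example `[AreaAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]`. The login action that consumes `returnUrl` should still check it with `Url.IsLocalUrl(returnUrl)` before redirecting, since the query string value is client-controlled by the time it comes back.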