[转]HowtooverrideHandleUnauthorizedRequestinASP.NETCore

OStack程序员社区-中国程序员成长平台 › 门户 › 编程› ASP.NET›ASP.NET编程经验

原作者: [db:作者] 来自: [db:来源] 收藏邀请

本文转自：http://quabr.com/40446028/how-to-override-handleunauthorizedrequest-in-asp-net-core

I'm migrating my project to asp.net core and I'm stuck in migrating my CustomAuthorization attribute for my controllers. Here is my code.

public class CustomAuthorization : AuthorizeAttribute
{
    public string Url { get; set; }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new RedirectResult(Url + "?returnUrl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
        }
        else if (!Roles.Split(',').Any(filterContext.HttpContext.User.IsInRole))
        {
            filterContext.Result = new ViewResult
            {
                ViewName = "AcessDenied"
            };
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

then i used it to my controllers

[CustomAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]
public abstract class AdminController : Controller { }

so, basically i can use it to redirect to different login page when roles is not met. I have few areas and each of them have different login page. I tried using the CookieAuthenticationOptions like this

services.Configure<CookieAuthenticationOptions>(options =>
{
    options.AuthenticationScheme = "Admin";
    options.LoginPath = "/Admin/Account/Login";
});

then on my admin controller

[Area("Admin")]
[Authorize(ActiveAuthenticationSchemes = "Admin", Roles = "Admin")]

but after i login, it still cant get in.

1 answer

answered 2016-11-06 13:17 Darkonekt

I am doing something similar in one of my projects. This answer is NOT using AuthorizeAttribute; but it might help some one landing here from a google search. In my case I am using it to authorize based on custom logic.

First my custom attribute class:

public class CustomAuthorizationAttribute : ActionFilterAttribute
{
    private readonly IMyDepedency _dp;
    public CustomAuthorizationAttribute(IMyDepedency dp)
    {
        _dp = dp;
    }
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        var isValid = false;
       //write my validation and authorization logic here 
        if(!isValid)
        {
            var unauthResult = new UnauthorizedResult();

            context.Result = unauthResult;                
        }

        base.OnActionExecuting(context);
    }
}

I decorate my controllers like this:

[ServiceFilter(typeof (CustomAuthorizationAttribute))]

Then in my Startup class

public void ConfigureServices(IServiceCollection services)
{
     // Add framework services.
     services.AddMvc();

   // my other stuff that is not relevant in this post

     // Security
     services.AddTransient<CustomAuthorizationAttribute>();
 }