AllowAnonymous not working with Custom AuthorizationAttribute

一整个雨季 2020-12-03 06:34

This has had me stumped for a while. None of the commonly encountered similar situations seem to apply here apparently. I've probably missed something obvious but I can'

8 answers
  • 2020-12-03 06:50

    Here is a solution for ASP.NET Core 2+ and ASP.NET Core 3+. Add it into IAsyncAuthorizationFilter implementation:

    private static bool HasAllowAnonymous(AuthorizationFilterContext context)
    {
        var filters = context.Filters;
        return filters.OfType<IAllowAnonymousFilter>().Any();
    }
    

    And check like this:

    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        if(HasAllowAnonymous(context))
            return;
    }
    
  • 2020-12-03 06:51

    In my case, none of the above solutions worked. I am using .Net Core 3.1 with a custom IAuthorizationFilter and I had to do the following:

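    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // Skip the custom checks when the endpoint carries [AllowAnonymous].
        if (context.ActionDescriptor.EndpointMetadata.OfType<AllowAnonymousAttribute>().Any()) return;
        // ... the filter's own authorization checks continue here ...
    }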
    
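An added example, not taken from either answer above or from ASP.NET Core itself: a complete filter for ASP.NET Core 3.0+ that looks for `[AllowAnonymous]` in both places the two answers check and rejects the request when no authenticated identity is present. The attribute name `RequireAuthenticatedUserAttribute` and the plain 401 result are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical filter name; apply as [RequireAuthenticatedUser] or register it globally.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class RequireAuthenticatedUserAttribute : Attribute, IAsyncAuthorizationFilter
{
    public Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        if (context == null) throw new ArgumentNullException(nameof(context));

        // The opt-out must be explicit: skip only when [AllowAnonymous] is really present.
        if (AllowsAnonymous(context))
            return Task.CompletedTask;

        // Fail closed: anything that is not an authenticated identity is rejected.
        var user = context.HttpContext.User;
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            context.Result = new UnauthorizedResult(); // short-circuits the pipeline with 401

        return Task.CompletedTask;
    }

    private static bool AllowsAnonymous(AuthorizationFilterContext context)
    {
        // MVC filter pipeline: the check used in the first answer.
        if (context.Filters.OfType<IAllowAnonymousFilter>().Any())
            return true;

        // Endpoint routing (3.0+): [AllowAnonymous] is exposed as endpoint metadata.
        var endpoint = context.HttpContext.GetEndpoint();
        return endpoint?.Metadata.GetMetadata<IAllowAnonymous>() != null;
    }
}
```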
  • 2020-12-03 06:54

    I must be using a different version of the .net framework or web api but hopefully this helps someone:

    bool skipAuthorization =
        actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any()
        || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
    if (skipAuthorization)
    {
        return;
    }
    
  • 2020-12-03 06:55

    Using MVC 5
    Steps to overcome this issue:
    1. Update your Anonymous attribute of WebAPI project and make it like

    [System.Web.Mvc.AllowAnonymous]
    
    2. Now go to your custom attribute class and write the code

    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext filterContext)
    {
        if (filterContext == null)
        {
            throw new UnauthorizedAccessException("Access Token Required");
        }
        base.OnAuthorization(filterContext);
        if (filterContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
        {
            return;
        }
        if (filterContext.Request.Headers.Authorization != null)
        {
            var response = PTPRestClient.GetRequest(
                filterContext.Request.Headers.Authorization.ToString(),
                "api/validate/validate-request");
            if (!response.IsSuccessStatusCode)
            {
                throw new UnauthorizedAccessException();
            }
        }
        else
        {
            throw new UnauthorizedAccessException("Access Token Required");
        }
    }
      
  • 2020-12-03 06:56

    In the AuthorizeAttribute there is the following code:

    private static bool SkipAuthorization(HttpActionContext actionContext)
    {
        Contract.Assert(actionContext != null);
    
        return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any()
                   || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
    }
    

    Include this method in your AuthorizeAttribute class then add the following to the top of your OnAuthorization method to skip authorization if any AllowAnonymous attributes are found:

    if (SkipAuthorization(actionContext)) return;
    
  • 2020-12-03 06:56

    ASP.NET MVC 4:

    bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
                             || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
    

    or

    private static bool SkipAuthorization(AuthorizationContext filterContext)
    {
        Contract.Assert(filterContext != null);

        return filterContext.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any()
               || filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any();
    }
    

    Source: http://weblogs.asp.net/jongalloway/asp-net-mvc-authentication-global-authentication-and-allow-anonymous
