asp.net-authorization

I am working on setting up a skeleton of custom policy based authorization which will have a set of business rules to authorized the currently logged on user. But, currently the skeleton always ends up with 401 Unauthorized . Here is my code, public class MyAuthorizationRequirement : IAuthorizationRequirement { public MyAuthorizationRequirement() { } } public class MyAuthorizationHandler : AuthorizationHandler<MyAuthorizationRequirement> { public MyAuthorizationHandler() { } protected override void Handle(AuthorizationContext context, MyAuthorizationRequirement requirement) { context.Succeed

In ASP.NET the FormsAuthenticationModule intercepts any HTTP 401, and returns an HTTP 302 redirection to the login page. This is a pain for AJAX, since you ask for json and get the login page in html, but the status code is HTTP 200. What is the way of avoid this interception in ASP.NET Web API ? In ASP.NET MVC4 it is very easy to prevent this interception by ending explicitly the connection: public class MyMvcAuthFilter:AuthorizeAttribute { protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { if (filterContext.HttpContext.Request.IsAjaxRequest() &&

Being relatively new to ASP MVC, I'm unsure which would better suit my needs. I have built an intranet site using Windows authentication and I'm able to secure controllers and actions using the Active Directory roles, e.g. [Authorize(Roles="Administrators")] [Authorize(Users="DOMAIN\User")] public ActionResult SecureArea() { ViewBag.Message = "This is a secure area."; return View(); } I need to define my own security roles independent of the AD roles. The desired functionality is that authenticated users are granted access to specific actions according to one or more roles associated with

Our app requires sign-in by either mobile number or Google. We are planning to Twitter Digits for mobile number authentication. The flow of registration and authentication as I understand is as below: Mobile app does rich authentication with Twitter Digits or Google Sign In (it’s better user experience for the user to do rich auth instead of opening a web browser tab). Twitter Digits / Google Sign In returns Identity Token. Mobile app calls AuthServer to SignIn and presents Identity Token. Identity server validates the presented Identity Token with Digits service or Google Auth Service. Once

How to force / set global authorization for all actions in MVC Core ? I know how to register global filters - for example I have: Setup.cs services.AddMvc(options => { options.Filters.Add(new RequireHttpsAttribute()); }); and this works fine, but I can't add the same for Authorize: options.Filters.Add(new AuthorizeAttribute()); I have error: Cannot convert from 'Microsoft.AspNet.Authorization.AuthorizeAttribute()' to 'System.Type' (Method .Add() needs IFilterMetadata type) I know - from similar questions - that this works on MVC4-5... So something must changed on MVC Core... Someone have any