authorize-attribute

Custom AuthorizeAttribute not called

我的梦境 提交于 2020-01-06 02:20:13
问题 There are a lot of similar questions out there but this has me stumped. If I used [Authorize] I get prompted for a username and password but if I use [InternalAuthorizeV2] I don't I have a custom AuthorizeAttribute that for the moment does not do any anything special (I'm limiting things that could be wrong). [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)] public class InternalAuthorizeV2Attribute: AuthorizeAttribute {} and a Action

Mvc Authorize attribute is not working

妖精的绣舞 提交于 2020-01-05 03:51:16
问题 I have created HomeController decorated with AuthorizeAttribute , and also created AccountController , but it is not redirecting to the Login() action of AccountController . Home controller: [Authorize] public class HomeController : Controller { public ActionResult Index() { return View(); } } Account controller: public class AccountController : Controller { [HttpGet] public ActionResult Login() { return View(); } [HttpPost] public ActionResult Login(LogOnCustom log) { if(ModelState.IsValid)

ASP.NET MVC 5 [Authorize] attribute is generating login pop-up in browser instead of redirecting to 302 login page

|▌冷眼眸甩不掉的悲伤 提交于 2020-01-05 00:57:45
问题 I've never seen this happen before: I've decorated a controller with an [Authorize (Roles = "Admin"] attribute, but instead of sending unregistered/un-signed users to the Login View via 302 redirect, a javascript-generated sign-in prompt appears in the Chrome browser: After entering in his or her credentials, the user is then given a 401 error. The suggestions on SO for setting the <authentication mode> and removing the <FormsAuthenticationModule> in Web.Config don't alter this behavior. I

mvc 3 session and authorizeAttribute

我的梦境 提交于 2020-01-01 03:46:06
问题 My site is open to all but i have a controller with some method that only the manager with the user and password can enter. I'm saving the bool IsManager in a session . I would like to use the authorize attribute to block whom ever IsManager == false . 回答1: First define an ActionFilter : public class TheFilter: ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext filterContext) { var session = filterContext.HttpContext.Session; if ((bool?)session["IsManager"]

Get ActionName, ControllerName and AreaName and pass it in ActionFilter Attribute

倖福魔咒の 提交于 2019-12-31 08:34:22
问题 I use a custom AuthorizationFilter like the followings: public class ActionAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { if(!httpContext.User.Identity.IsAuthenticated) return false; if(IsUserExcluded()) return false; else return IsRoleAuthorize(httpContext); } } I use this filter at the top of each action I have, and for check Is Authorized, need Action Name, Controller Name, And Area Name. So is there any way to get

ASP.Net Identity built in functions with custom tables in ASP.Net Core

余生颓废 提交于 2019-12-31 02:39:13
问题 I am using ASP.Net Core Web Api 2 on .Net 2.1 Framework I have custom AppUsers and AppRoles tables, linked with bridge table AppUserRoles My main problem is that I want to use [Authorize(Roles = "UserRole")] As User.Identity is working fine and I am getting user Id from User.Identity.Name I thought there was some way to set roles and check them before controller request, or to use User.IsInRole("UserRole") for checking inside controller. Is it possible to rebuild or overload .IsInRole(

MVC3 Custom AuthorizeAttribute : how to pass in an object from controller

夙愿已清 提交于 2019-12-24 09:17:46
问题 I have an object that contains all login data, that's in my controller (it was programmed before switching to MVC3). I'm trying to add authorization to the site, so so far I have: public LoginObject MyLoginObject { get; set; } [CustomAuthorization()] public ActionResult Index() { return View(); } and public class CustomAuthorization : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { return true; //should be return myLoginObject.IsLoggedIn; } } Is there

ASP.NET MVC 4 User Authentication

此生再无相见时 提交于 2019-12-22 20:42:14
问题 I am trying to write a Login method that authenticates and authorizes users into my web site developed with ASP.NET MVC 4. The problem is, although I call the FormsAuthentication.SetAuthCookie method after validating the user inside the Login method and redirect to ViewProfile action, User.Identity.IsAuthenticated returns still false in my custom Authorize attribute object. I gave the code below: [HttpPost] [AllowAnonymous] public ActionResult Login(LoginModel model) { if (Membership

How to throw ForbiddenException in ASP.NET Core 2 Instead of using AccessDeniedPath

限于喜欢 提交于 2019-12-22 11:27:46
问题 I am working on an ASP.NET Core 2 web application. I am handling Access Denied page for [Authorize (roles OR policies)] pages. By default, Instead of showing the original URL and returning 403 status, ASP.NET Core 2.0 redirects the request to an AccessDenied page with status is 302 -> This is not what I want. Instead of redirecting AccessDenied page. I want ASP.NET Core throws my custom ForbiddenException exception so I can handle unauthorized accesses like I do for Unhandled exceptions. Here

What is the difference between using AuthorizeAttribute or IAuthorizationFilter?

强颜欢笑 提交于 2019-12-22 04:31:32
问题 AuthorizeAttribute requires you to override the OnAuthorization method and IAuthorizationFilter requires you to implement an OnAuthorization method. Seems like the same thing to me, are there any other differences? Why would one be used over the other? EDIT: To clarify, I'm trying to understand what the difference is between the following 2 pieces of code. public class PasswordExpirationCheckAttribute : AuthorizeAttribute { private int _maxPasswordAgeInDays; public