authorize-attribute

问题 There are a lot of similar questions out there but this has me stumped. If I used [Authorize] I get prompted for a username and password but if I use [InternalAuthorizeV2] I don't I have a custom AuthorizeAttribute that for the moment does not do any anything special (I'm limiting things that could be wrong). [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)] public class InternalAuthorizeV2Attribute: AuthorizeAttribute {} and a Action

问题 I have created HomeController decorated with AuthorizeAttribute , and also created AccountController , but it is not redirecting to the Login() action of AccountController . Home controller: [Authorize] public class HomeController : Controller { public ActionResult Index() { return View(); } } Account controller: public class AccountController : Controller { [HttpGet] public ActionResult Login() { return View(); } [HttpPost] public ActionResult Login(LogOnCustom log) { if(ModelState.IsValid)

问题 I've never seen this happen before: I've decorated a controller with an [Authorize (Roles = "Admin"] attribute, but instead of sending unregistered/un-signed users to the Login View via 302 redirect, a javascript-generated sign-in prompt appears in the Chrome browser: After entering in his or her credentials, the user is then given a 401 error. The suggestions on SO for setting the <authentication mode> and removing the <FormsAuthenticationModule> in Web.Config don't alter this behavior. I

问题 My site is open to all but i have a controller with some method that only the manager with the user and password can enter. I'm saving the bool IsManager in a session . I would like to use the authorize attribute to block whom ever IsManager == false . 回答1: First define an ActionFilter : public class TheFilter: ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext filterContext) { var session = filterContext.HttpContext.Session; if ((bool?)session["IsManager"]

问题 I use a custom AuthorizationFilter like the followings: public class ActionAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { if(!httpContext.User.Identity.IsAuthenticated) return false; if(IsUserExcluded()) return false; else return IsRoleAuthorize(httpContext); } } I use this filter at the top of each action I have, and for check Is Authorized, need Action Name, Controller Name, And Area Name. So is there any way to get

问题 I am using ASP.Net Core Web Api 2 on .Net 2.1 Framework I have custom AppUsers and AppRoles tables, linked with bridge table AppUserRoles My main problem is that I want to use [Authorize(Roles = "UserRole")] As User.Identity is working fine and I am getting user Id from User.Identity.Name I thought there was some way to set roles and check them before controller request, or to use User.IsInRole("UserRole") for checking inside controller. Is it possible to rebuild or overload .IsInRole(

问题 I have an object that contains all login data, that's in my controller (it was programmed before switching to MVC3). I'm trying to add authorization to the site, so so far I have: public LoginObject MyLoginObject { get; set; } [CustomAuthorization()] public ActionResult Index() { return View(); } and public class CustomAuthorization : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { return true; //should be return myLoginObject.IsLoggedIn; } } Is there

问题 I am trying to write a Login method that authenticates and authorizes users into my web site developed with ASP.NET MVC 4. The problem is, although I call the FormsAuthentication.SetAuthCookie method after validating the user inside the Login method and redirect to ViewProfile action, User.Identity.IsAuthenticated returns still false in my custom Authorize attribute object. I gave the code below: [HttpPost] [AllowAnonymous] public ActionResult Login(LoginModel model) { if (Membership

问题 I am working on an ASP.NET Core 2 web application. I am handling Access Denied page for [Authorize (roles OR policies)] pages. By default, Instead of showing the original URL and returning 403 status, ASP.NET Core 2.0 redirects the request to an AccessDenied page with status is 302 -> This is not what I want. Instead of redirecting AccessDenied page. I want ASP.NET Core throws my custom ForbiddenException exception so I can handle unauthorized accesses like I do for Unhandled exceptions. Here

问题 AuthorizeAttribute requires you to override the OnAuthorization method and IAuthorizationFilter requires you to implement an OnAuthorization method. Seems like the same thing to me, are there any other differences? Why would one be used over the other? EDIT: To clarify, I'm trying to understand what the difference is between the following 2 pieces of code. public class PasswordExpirationCheckAttribute : AuthorizeAttribute { private int _maxPasswordAgeInDays; public