authorize-attribute

问题 I'm currently trying to implement security in a new ASP MVC 5 application, based on user roles. The goal is to prevent users from accessing certain controllers or controller methods if they don't have a certain role (or higher). Based on what I've read on the question so far, I created an attribute that inherits AuthorizeAttribute which looks like this (MyAppRole is an enum, btw) : [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]

问题 Can someone explain why the authorize attribute lifecycle appears to be managed relative to the class or method it is applied to? This is as opposed to be managed relative to the request lifecycle. If I decorate a controller at the class level the authorize attributes constructor only gets called once across multiple requests to the same controller. If I decorate each controller method then I get new authorize attribute constructor calls for each controller method called. What's this behavior

问题 I wondered if/how I can override the default [Authorize] behavior in ASP.NET MVC. I know that I can create a new Action Filter, make my own attribute and so forth; I am merely interested if I can simply change the [Authorize] behavior and replace its workings with my own code? Edit : Guys and Girls. I appreciate your input but as I wrote, I am not looking to introduce a new [XYZAuthorize] Attribute. I'm aware of how to do this. I want to keep the [Authorize] notation but just change how it

问题 I've API created in asp.net core 2.0 where I am using mixed mode authentication. For some controllers JWT and for some using windows authentication. I've no problem with the controllers which authorize with JWT. But for the controllers where I want to use windows authentication I am indefinitely prompted with user name and password dialog of chrome. Here my sample controller code where I want to use Windows Authentication instead of JWT. [Route("api/[controller]")] [Authorize

问题 I'm working on a project that will use windows role providers and I want to limit functionality to certain AD groups. With MVC, I could use an AuthorizeAttribute above my action methods and redirect accordingly. Is there something similar I can do for a standard web forms application (.NET 3.5) that doesn't use MVC? 回答1: You can set this up in web.config with the authorization element. <configuration> <system.web> <authorization> <allow roles="domainname\Managers" /> <deny users="*" /> <

问题 I'm making an ajax call using jquery to an asp.net mvc controller action: [AcceptVerbs(HttpVerbs.Post)] public ActionResult GetWeek(string startDay) { var daysOfWeek = CompanyUtility.GetWeek(User.Company.Id, startDay); return Json(daysOfWeek); } When session times out, this call will fail, as the User object is stored in session. I created a custom authorize attribute in order to check if session was lost and redirect to the login page. This works fine for page requests, however it doesn't

问题 I'm having a very strange problem with SignalR and I do not know what to do with it. I made a simple SignalR application from tutorial (http://www.asp.net/signalr/overview/signalr-20/getting-started-with-signalr-20/tutorial-getting-started-with-signalr-20) in VB.NET, the only thing I changed was that I added <Authorize()> attribute to the Hub class, and made the Send message method grab user name from context. We have development server (Windows Server 2008 R2, IIS7, .NET 4.5.1.). In the

问题 I want to use Cookie for storing bearer token in my asp.net mvc application and I want that Cookie will be checked per request for client authentication (I don't want to add "Autentication" header for each request on the front-end). How can I implement it? Thank you. 回答1: You can create a cookie provider to handle Authorization. Check this https://alexdunn.org/2017/03/31/asp-net-tips-consuming-bearer-tokens-as-a-cookie/ 来源： https://stackoverflow.com/questions/53648462/bearer-token

问题 I have overridden the HandleUnauthorizedRequest method in my asp.net mvc application to ensure it sends a 401 response to unauthorized ajax calls instead of redirecting to login page. This works perfectly fine when I run it locally, but my overridden method doesn't get called once I deploy to IIS. The debug point doesn't hit my method at all and straight away gets redirected to the login page. This is my code: public class AjaxAuthorizeAttribute : AuthorizeAttribute { protected override void

问题 I am using an AuthorizeAttribute to check that users have an over 18 age cookie set to access pages. This works fine, but I am extending in slightly now. As all Views use this Attribute, I am using it to allow me to launch my site early. If uses add ?VIEWSITE=true to any URL, it will set a Session variable, and allow them access to the site. Otherwise, they get directed to a holding page. This works fine first time the page runs. But, I am using output caching on the page, and the next time