authorize-attribute

Attribute inheriting from AuthorizeAttribute not working

帅比萌擦擦* 提交于 2019-12-21 17:56:46
问题 I'm currently trying to implement security in a new ASP MVC 5 application, based on user roles. The goal is to prevent users from accessing certain controllers or controller methods if they don't have a certain role (or higher). Based on what I've read on the question so far, I created an attribute that inherits AuthorizeAttribute which looks like this (MyAppRole is an enum, btw) : [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]

Authorize Attribute Lifecycle

做~自己de王妃 提交于 2019-12-19 00:25:19
问题 Can someone explain why the authorize attribute lifecycle appears to be managed relative to the class or method it is applied to? This is as opposed to be managed relative to the request lifecycle. If I decorate a controller at the class level the authorize attributes constructor only gets called once across multiple requests to the same controller. If I decorate each controller method then I get new authorize attribute constructor calls for each controller method called. What's this behavior

Is it possible to override the default behavior of [Authorize] in ASP.NET MVC?

不羁的心 提交于 2019-12-18 03:35:11
问题 I wondered if/how I can override the default [Authorize] behavior in ASP.NET MVC. I know that I can create a new Action Filter, make my own attribute and so forth; I am merely interested if I can simply change the [Authorize] behavior and replace its workings with my own code? Edit : Guys and Girls. I appreciate your input but as I wrote, I am not looking to introduce a new [XYZAuthorize] Attribute. I'm aware of how to do this. I want to keep the [Authorize] notation but just change how it

ASP.Net Core 2.0 mixed authentication of JWT and Windows Authentication doesn't accept credentials

好久不见. 提交于 2019-12-17 22:18:16
问题 I've API created in asp.net core 2.0 where I am using mixed mode authentication. For some controllers JWT and for some using windows authentication. I've no problem with the controllers which authorize with JWT. But for the controllers where I want to use windows authentication I am indefinitely prompted with user name and password dialog of chrome. Here my sample controller code where I want to use Windows Authentication instead of JWT. [Route("api/[controller]")] [Authorize

is there an authorizeattribute equivalent to just standard web forms (not MVC) for .net

别来无恙 提交于 2019-12-17 14:50:35
问题 I'm working on a project that will use windows role providers and I want to limit functionality to certain AD groups. With MVC, I could use an AuthorizeAttribute above my action methods and redirect accordingly. Is there something similar I can do for a standard web forms application (.NET 3.5) that doesn't use MVC? 回答1: You can set this up in web.config with the authorization element. <configuration> <system.web> <authorization> <allow roles="domainname\Managers" /> <deny users="*" /> <

Handling session timeout in ajax calls

生来就可爱ヽ(ⅴ<●) 提交于 2019-12-17 02:20:30
问题 I'm making an ajax call using jquery to an asp.net mvc controller action: [AcceptVerbs(HttpVerbs.Post)] public ActionResult GetWeek(string startDay) { var daysOfWeek = CompanyUtility.GetWeek(User.Company.Id, startDay); return Json(daysOfWeek); } When session times out, this call will fail, as the User object is stored in session. I created a custom authorize attribute in order to check if session was lost and redirect to the login page. This works fine for page requests, however it doesn't

An unexpected behavior of Authorize attribute in SignalR hub, Windows Authentication

做~自己de王妃 提交于 2019-12-12 02:03:49
问题 I'm having a very strange problem with SignalR and I do not know what to do with it. I made a simple SignalR application from tutorial (http://www.asp.net/signalr/overview/signalr-20/getting-started-with-signalr-20/tutorial-getting-started-with-signalr-20) in VB.NET, the only thing I changed was that I added <Authorize()> attribute to the Hub class, and made the Send message method grab user name from context. We have development server (Windows Server 2008 R2, IIS7, .NET 4.5.1.). In the

Bearer token authentication with cookie

有些话、适合烂在心里 提交于 2019-12-11 15:35:16
问题 I want to use Cookie for storing bearer token in my asp.net mvc application and I want that Cookie will be checked per request for client authentication (I don't want to add "Autentication" header for each request on the front-end). How can I implement it? Thank you. 回答1: You can create a cookie provider to handle Authorization. Check this https://alexdunn.org/2017/03/31/asp-net-tips-consuming-bearer-tokens-as-a-cookie/ 来源: https://stackoverflow.com/questions/53648462/bearer-token

Custom authorize attribute doesn't work after deploying to IIS

丶灬走出姿态 提交于 2019-12-11 10:44:03
问题 I have overridden the HandleUnauthorizedRequest method in my asp.net mvc application to ensure it sends a 401 response to unauthorized ajax calls instead of redirecting to login page. This works perfectly fine when I run it locally, but my overridden method doesn't get called once I deploy to IIS. The debug point doesn't hit my method at all and straight away gets redirected to the login page. This is my code: public class AjaxAuthorizeAttribute : AuthorizeAttribute { protected override void

session becoming null in MVC AuthorizeAttribute

不问归期 提交于 2019-12-11 03:34:30
问题 I am using an AuthorizeAttribute to check that users have an over 18 age cookie set to access pages. This works fine, but I am extending in slightly now. As all Views use this Attribute, I am using it to allow me to launch my site early. If uses add ?VIEWSITE=true to any URL, it will set a Session variable, and allow them access to the site. Otherwise, they get directed to a holding page. This works fine first time the page runs. But, I am using output caching on the page, and the next time