authorize-attribute | 易学教程

MVC 4 Authorize attribute not recognizing forms auth from ASP.Net 3.5

阅读更多关于 MVC 4 Authorize attribute not recognizing forms auth from ASP.Net 3.5

问题 I am creating a new MVC 4 app for a client that I had previously created ASP.Net 3.5 (VS 2008) apps for. I created a gateway app to launch several other ASP.Net 3.5 web apps , with the gateway app handling the login and the forms authentication ticket. As long as all of the other web apps have the same settings for the forms authentication and machine key sections all other apps were able to use the forms auth objects to see if the user was authenticated. I am now creating a new MVC 4 app

Multiple authorization attributes that are aware of each other

阅读更多关于 Multiple authorization attributes that are aware of each other

问题 I have a very simple scenario. I want to decorate my controllers/actions with a custom authorization attribute. Authorization should be granted if any of the attributes is valid. For example, [MyAuth(1)] [MyAuth(2)] public class MyController : Controller { ... } I cannot combine the parameters into a single authorization attribute. The above example is a simplified example, only. If either attribute authorizes the user, I want the user to be authorized. I assumed that ActionFilterAttribute or

Get the api controllers constructor value within an AuthorizeFilter

阅读更多关于 Get the api controllers constructor value within an AuthorizeFilter

问题 When the user is authenticated I want to prevent that he updates/deletes/reads data created from other accounts... by telling him you do not have the permission 403! What is the best way to get an instance of the ISchoolyearService to invoke its HasUserPermission() method? I know I could new up the SchoolyearService here but that would defeat the reason using an IoContainer at all in my app. public class UserActionsSchoolyearAuthorizationFilter : AuthorizationFilterAttribute { public override

How to throw ForbiddenException in ASP.NET Core 2 Instead of using AccessDeniedPath

阅读更多关于 How to throw ForbiddenException in ASP.NET Core 2 Instead of using AccessDeniedPath

I am working on an ASP.NET Core 2 web application. I am handling Access Denied page for [Authorize (roles OR policies)] pages. By default, Instead of showing the original URL and returning 403 status, ASP.NET Core 2.0 redirects the request to an AccessDenied page with status is 302 -> This is not what I want. Instead of redirecting AccessDenied page. I want ASP.NET Core throws my custom ForbiddenException exception so I can handle unauthorized accesses like I do for Unhandled exceptions. Here is my authentication configuration: services.AddAuthentication(options => { options

ASP.NET MVC 4 User Authentication

阅读更多关于 ASP.NET MVC 4 User Authentication

I am trying to write a Login method that authenticates and authorizes users into my web site developed with ASP.NET MVC 4. The problem is, although I call the FormsAuthentication.SetAuthCookie method after validating the user inside the Login method and redirect to ViewProfile action, User.Identity.IsAuthenticated returns still false in my custom Authorize attribute object. I gave the code below: [HttpPost] [AllowAnonymous] public ActionResult Login(LoginModel model) { if (Membership.ValidateUser(model.Username, model.Password)) { FormsAuthentication.SetAuthCookie(model.Username, model

What is the difference between using AuthorizeAttribute or IAuthorizationFilter?

阅读更多关于 What is the difference between using AuthorizeAttribute or IAuthorizationFilter?

AuthorizeAttribute requires you to override the OnAuthorization method and IAuthorizationFilter requires you to implement an OnAuthorization method. Seems like the same thing to me, are there any other differences? Why would one be used over the other? EDIT: To clarify, I'm trying to understand what the difference is between the following 2 pieces of code. public class PasswordExpirationCheckAttribute : AuthorizeAttribute { private int _maxPasswordAgeInDays; public PasswordExpirationCheckAttribute(int maxPasswordAgeInDays) { _maxPasswordAgeInDays = maxPasswordAgeInDays; } public override void

Adding role claims - should i use the IClaimsTransformer

阅读更多关于 Adding role claims - should i use the IClaimsTransformer

问题 We would like to add a lot of role claims to the current principal (we use the Authorize(Roles) attribute), and found the IClaimsTransformer that looks like a perfect fit. We've registerd it like this app.UseClaimsTransformation(new ClaimsTransformationOptions { Transformer = new GetRolesFromDatabaseClaimsTransformer(new RoleManager2(Configuration.GetConnectionString("ourcoolapp"))) }); And the transform is like this: public Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext

Get list of custom attributes for current action/controller in ASP.NET MVC

阅读更多关于 Get list of custom attributes for current action/controller in ASP.NET MVC

问题 Checking out the sample code from http://lukesampson.com/post/471548689/entering-and-exiting-https-with-asp-net-mvc written for ASP.NET MVC2, I noticed they can check if a custom attribute is applied to the current action or controller by accessing filterContext.ActionDescriptor and filterContext.ActionDescriptor.ControllerDescriptor respectively: public class ExitHttpsIfNotRequiredAttribute : FilterAttribute, IAuthorizationFilter { public void OnAuthorization(AuthorizationContext

asp.net MVC5 - Dependency Injection and AuthorizeAttribute

阅读更多关于 asp.net MVC5 - Dependency Injection and AuthorizeAttribute

问题 I searched a long time for a solution for my problem. I have a custom AuthorizeAttribute that needs a Dependency to a "Service" that has access to a DbContext. Sadly the Dependency Injection did not work in the custom AuthorizeAttribute and was always null. I came up with an (for me) acceptable solution. Now I want to know if my solution can cause unforeseen behaviour? Global.asax.cs CustomAuthorizeAttribute.AuthorizeServiceFactory = () => unityContainer.Resolve<AuthorizeService>();

Attribute inheriting from AuthorizeAttribute not working

阅读更多关于 Attribute inheriting from AuthorizeAttribute not working

I'm currently trying to implement security in a new ASP MVC 5 application, based on user roles. The goal is to prevent users from accessing certain controllers or controller methods if they don't have a certain role (or higher). Based on what I've read on the question so far, I created an attribute that inherits AuthorizeAttribute which looks like this (MyAppRole is an enum, btw) : [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)] public sealed class AuthorizeRoleOrSuperiorAttribute : AuthorizeAttribute { private MyAppRole