authorize-attribute

I use a custom AuthorizationFilter like the followings: public class ActionAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { if(!httpContext.User.Identity.IsAuthenticated) return false; if(IsUserExcluded()) return false; else return IsRoleAuthorize(httpContext); } } I use this filter at the top of each action I have, and for check Is Authorized, need Action Name, Controller Name, And Area Name. So is there any way to get this names in AuthorizeCore() method like use System.Web.HttpContextBase ? if answer is No then how can

I was wondering how you could mock that a controller is decorated with the [Authorize] attribute in MVC3? I am using a custom membership provider. I would like to test that a controller been decorated with the attribute and you are authorized and what happens when you are not. I'm using Moq. Any good suggestions on this?! UPDATE: I'm currently getting an NullreferenceException saying "object reference not set to an instance of an object". It's the same error as previously mentioned in this post NullReferenceException while using Authorize Attribute This is related to the Authorize attribute. I

I am using ASP.Net Core Web Api 2 on .Net 2.1 Framework I have custom AppUsers and AppRoles tables, linked with bridge table AppUserRoles My main problem is that I want to use [Authorize(Roles = "UserRole")] As User.Identity is working fine and I am getting user Id from User.Identity.Name I thought there was some way to set roles and check them before controller request, or to use User.IsInRole("UserRole") for checking inside controller. Is it possible to rebuild or overload .IsInRole("UserRole") function or [Authorize(Roles = "UserRole")] attribute background function somehow, so I could

Today I started playing with the MVC 3 Beta. Started with an application from default MVC 3 template, added a new action in the Home controller as follows(with a view for it) [Authorize] public ActionResult Secured() { ViewModel.Message = "This is secured area, only authenticated users should be here."; return View(); } Now when I try to go to navigate to Secured action I get a 404 page not found error. Here is the authentication section from my web.config. <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> If I understood it right the Authorize

I have sets of controllers which are each used for each authorization type. For example, a class A authorization will have a set of controllers each which require class A authorization. Is there a way to place one [Authorize(Role="Class A")] attribute somewhere which will apply to each of those controllers without having to decorate each controller with the same attribute? You can initialize those controllers derived from your base controller. namely put your attribute on a controller base class and to ensure that each controller within derived from base class. [Authorize(Role="Class A")]

I'm in a bit of a bind with implementing Roles in ASP.NET MVC 5. I am attempting to log in as a user that does not have a role required to access the area of the application I'm trying to reach. What I would expect in this scenario is, I'm redirected to the login page again, and will be until I enter a set of credentials that do have access or I navigate to another area of the application. What is actually happening is that the application appears to go into a login redirect loop, debugging through reveals that the Login action is being called multiple times. Here is the login action:

Maybe I should back-up and widen the scope before diving into the title question... I'm currently writing a web app in ASP.NET MVC 1.0 (although I do have MVC 2.0 installed on my PC, so I'm not exactly restricted to 1.0) -- I've started with the standard MVC project which has your basic "Welcome to ASP.NET MVC" and shows both the [Home] tab and [About] tab in the upper-right corner. Pretty standard, right? I've added 4 new Controller classes, let's call them "Astronomer", "Biologist", "Chemist", and "Physicist". Attached to each new controller class is the [Authorize] attribute. For example,