Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to create a custom attribute that will redirect to Login if it returns false, similar to the Authorize attribute - ASP.NET MVC

Tags:

c#

.net

asp.net

asp.net-mvc

asp.net-mvc-4

I tried Googling a few things about custom attributes but I'm still not sure how to go about it....

I'm storing a few important details of the user in Session cookies (ex UserID) once the user log's in.. and all I want to do is create an attribute where if the

if (Session["UserID"] == null)

then it will redirect to login just like the [Authorize] attribute does. That way I can apply this attribute on the Controller level everywhere.

Should I overwrite the Authorize attribute? Create a new one? How do I get it to redirect to login as well?

I'm also using ASP.NET MVC 4

Thanks for any help

like image 920
user1189352 Avatar asked Oct 03 '15 17:10

user1189352

People also ask

What is Authorize filter in MVC?

Authorization filters allow you to perform authorization tasks for an authenticated user. A good example is Role based authorization. ASP.NET MVC 4 also introduced a built-in AllowAnonymous attribute. This attribute allows anonymous users to access certain Controllers/Actions.

2 Answers

You can create a custom AuthorizeAttribute and override AuthorizeCore() and HandleUnauthorizedRequest() as required. Add your own logic which will do the check and redirect if necessary.

I'm just showing a simple example using MVC's ActionFilterAttribute (which is not the best place to do authentication/authorization)

public class VerifyUserAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var user = filterContext.HttpContext.Session["UserID"];
        if (user == null)
            filterContext.Result = new RedirectResult(string.Format("/User/Login?targetUrl={0}",filterContext.HttpContext.Request.Url.AbsolutePath));
    }
}

Do not forget to set the Session["UserID"] variable in your /User/Login action method after proper user validation.

like image 186
Arghya C Avatar answered Oct 17 '22 01:10

Arghya C

You can create your own version of the Authorize attribute by implementing the IAuthorizationFilter interface. Here's an example:

class MyCustomFilter : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Session["UserID"] == null)
        {
            filterContext.Result = new RedirectResult("/");
        }
    }
}

and a usage example:

[MyCustomFilter]
public ActionResult About()
{
    ViewBag.Message = "Your application description page.";

    return View();
}
like image 27
Nasreddine Avatar answered Oct 17 '22 02:10

Nasreddine
Sign in to Comment

Related questions

HttpClient PutAsync doesn't send a parameter to api
Getting localized strings for DayOfWeek values
How to change the encoding of the HttpClient response
Using a Kendo Grid, how do you change the wording on the "Create" button in the toolbar?
"Grouping" dictionary by value
How to initialize multi-dimensional array with different default value
wpf command parameter from other object
How Can Convert DataRow to DataRowView in c#
How do you get a DbEntityEntry EntityKey object with unknown name
What is the difference between connection.Close() and connection.Dispose()? [duplicate]
Detecting IE11 with C#
Return multiple recordsets from stored proc in C#
How do I find the mode of a list<double>?
Unicode characters in Regex
How to correctly encode MailTo links in ASP.NET MVC?
"Fluent methods may not be invoked on a Query created via CloudTable.CreateQuery<T>()" exception
"..." cannot implement an interface member because it is not public
C# compare two DateTimes
Which layer should i declare enums?
Projection of mongodb subdocument using C# .NET driver 2.0

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!