Reposted from: http://quabr.com/40446028/how-to-override-handleunauthorizedrequest-in-asp-net-core

I'm migrating my project to ASP.NET Core and I'm stuck migrating my CustomAuthorization attribute for my controllers. Here is my code.

public class CustomAuthorization : AuthorizeAttribute
{
    public string Url { get; set; }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new RedirectResult(Url + "?returnUrl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
        }
        else if (!Roles.Split(',').Any(filterContext.HttpContext.User.IsInRole))
        {
            filterContext.Result = new ViewResult
            {
                ViewName = "AcessDenied"
            };
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

Then I used it on my controllers:

[CustomAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]
public abstract class AdminController : Controller { }

So basically I can use it to redirect to a different login page when the roles are not met. I have a few areas and each of them has a different login page. I tried using CookieAuthenticationOptions like this:

services.Configure<CookieAuthenticationOptions>(options =>
{
    options.AuthenticationScheme = "Admin";
    options.LoginPath = "/Admin/Account/Login";
});

Then on my admin controller:

[Area("Admin")]
[Authorize(ActiveAuthenticationSchemes = "Admin", Roles = "Admin")]

But after I log in, it still can't get in.

1 answer

  • answered 2016-11-06 13:17 Darkonekt

    I am doing something similar in one of my projects. This answer is NOT using AuthorizeAttribute, but it might help someone landing here from a Google search. In my case I am using it to authorize based on custom logic.

    First my custom attribute class:

    public class CustomAuthorizationAttribute : ActionFilterAttribute
    {
        private readonly IMyDepedency _dp;

        public CustomAuthorizationAttribute(IMyDepedency dp)
        {
            _dp = dp;
        }

        public override void OnActionExecuting(ActionExecutingContext context)
        {
            var isValid = false;
            //write my validation and authorization logic here
            if (!isValid)
            {
                var unauthResult = new UnauthorizedResult();
                context.Result = unauthResult;
            }
            base.OnActionExecuting(context);
        }
    }

    I decorate my controllers like this:

    [ServiceFilter(typeof (CustomAuthorizationAttribute))]

    Then in my Startup class

    public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        services.AddMvc();
        // my other stuff that is not relevant in this post
        // Security
        services.AddTransient<CustomAuthorizationAttribute>();
    }
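
An ASP.NET Core equivalent of the question's attribute, written as an authorization filter so that it runs before model binding and action filters (added example, not code from the question or the answer). The name AreaAuthorizationAttribute is hypothetical, and the code assumes the authentication middleware has already populated HttpContext.User.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical name; ports the question's MVC 5 CustomAuthorization attribute.
// Assumption: authentication has already run, so HttpContext.User is populated.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AreaAuthorizationAttribute : Attribute, IAuthorizationFilter
{
    public string Url { get; set; }    // login page for the area
    public string Roles { get; set; }  // comma-separated role names

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User;

        // Anonymous caller: redirect to the area's login page.
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
        {
            var request = context.HttpContext.Request;
            var returnUrl = string.Concat(
                request.PathBase.Value, request.Path.Value, request.QueryString.Value);

            // Encode the value so it stays a single query parameter.
            context.Result = new RedirectResult(
                Url + "?returnUrl=" + Uri.EscapeDataString(returnUrl));
            return;
        }

        var required = (Roles ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(role => role.Trim())
            .ToArray();

        // Authenticated but in none of the required roles: short-circuit
        // with the denial view and a 403 status.
        if (required.Length > 0 && !required.Any(role => user.IsInRole(role)))
        {
            context.Result = new ViewResult { ViewName = "AcessDenied", StatusCode = 403 };
        }
        // Leaving context.Result unset lets the request continue to the action.
    }
}
```

Applied the same way as in the question: `[AreaAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]`. The login action that reads returnUrl should redirect to it only when `Url.IsLocalUrl(returnUrl)` is true.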
