asp.net MVC Custom Filters [RESTAuthorize] is ignored


The [RESTAuthorize] filter is being ignored: requests go straight into the code that gets all the countries, and the REST authorization check never runs.

Here is the code for RESTAuthorizeAttribute:

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.Mvc; 
using MyWebsite.Repository;

namespace MyWebsite.API.Attributes
{
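    /// <summary>
    /// MVC authorization filter that accepts a request only when the security token it
    /// carries is valid for the caller's IP address and user agent, as judged by
    /// <see cref="ISecurityRepository.IsTokenValid"/>.
    /// </summary>
    /// <remarks>
    /// This type derives from <see cref="System.Web.Mvc.AuthorizeAttribute"/>, so it runs
    /// only in the ASP.NET MVC filter pipeline. It is never invoked for Web API actions
    /// (controllers deriving from ApiController, which report failures with
    /// HttpResponseException); those need a filter deriving from
    /// System.Web.Http.AuthorizeAttribute instead.
    /// </remarks>
    public class RESTAuthorizeAttribute : AuthorizeAttribute
    {
        // Name of the request parameter that carries the security token.
        private const string TokenParameterName = "token";

        private readonly ISecurityRepository _repository;

        /// <summary>Creates the filter with the default <see cref="SecurityRepository"/>.</summary>
        public RESTAuthorizeAttribute()
            : this(new SecurityRepository())
        {
        }

        /// <summary>Creates the filter with an explicit repository (useful for tests).</summary>
        /// <param name="repository">Validates tokens and resolves the client IP address.</param>
        /// <exception cref="ArgumentNullException"><paramref name="repository"/> is null.</exception>
        public RESTAuthorizeAttribute(ISecurityRepository repository)
        {
            if (repository == null)
            {
                throw new ArgumentNullException("repository");
            }

            _repository = repository;
        }

        /// <summary>
        /// Decides whether the current request is authorized. The base class calls this from
        /// <see cref="AuthorizeAttribute.OnAuthorization"/>, which also honours [AllowAnonymous]
        /// (MVC 4+) and registers the output-cache validation callback so an authorized
        /// response is not served from cache to an unauthorized caller; overriding
        /// OnAuthorization directly without calling the base skips both.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns>true when a token is present and valid; false otherwise.</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            try
            {
                HttpRequestBase request = httpContext.Request;

                // Request.Params merges query string, form body, cookies and server variables,
                // so the token is accepted from any of those sources. A token on the URL is
                // likely to end up in web server and proxy logs; a header or the body is safer.
                string token = request.Params[TokenParameterName];
                if (string.IsNullOrEmpty(token))
                {
                    // No token at all: fail closed without a repository round-trip.
                    return false;
                }

                string ip = _repository.GetIP(request);
                return _repository.IsTokenValid(token, ip, request.UserAgent);
            }
            catch (Exception)
            {
                // Any failure while validating (repository error, malformed request) is treated
                // as "not authorized" rather than letting the action run. The exception itself
                // is dropped, so repository failures are invisible to operators; log it if
                // this filter gates anything important.
                return false;
            }
        }
    }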
}

Here's the code for GetAllCountry. The [RESTAuthorize] filter is being ignored:

/// <summary>
/// Returns every country from the repository as a fully materialized list.
/// </summary>
/// <returns>All countries; the sequence is already enumerated, not a deferred query.</returns>
/// <exception cref="HttpResponseException">
/// 401 when the repository reports <see cref="UnauthorizedAccessException"/>,
/// 500 for any other failure.
/// </exception>
[RESTAuthorize]
[HttpGet]
public IEnumerable<dtoCountry> GetAllCountry()
{
    // NOTE(review): HttpResponseException means this is a Web API action. A filter that
    // derives from System.Web.Mvc.AuthorizeAttribute is not part of the Web API pipeline
    // and will not run here — confirm which AuthorizeAttribute [RESTAuthorize] derives from.
    try
    {
        var countries = _repository.GetAllCountry();
        // Enumerate inside the try so repository failures are mapped here, not in the serializer.
        return countries.ToList();
    }
    catch (UnauthorizedAccessException)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }
    catch (Exception)
    {
        // The original exception is discarded; only a generic 500 reaches the client.
        throw new HttpResponseException(HttpStatusCode.InternalServerError);
    }
}

There are 2 answers

Gaurav Dubey On
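 /// <summary>
 /// Web API authorization filter: a request is accepted only when its "token" parameter
 /// is valid for the caller's IP address and user agent.
 /// </summary>
 public class Authorizetest : System.Web.Http.AuthorizeAttribute
{
    // Name of the request parameter carrying the security token.
    private const string TokenParameterName = "token";

    /// <summary>
    /// Decides whether the request is authorized. The base class calls this from
    /// OnAuthorization (after honouring [AllowAnonymous]) and issues the 401 itself
    /// when it returns false, so neither OnAuthorization nor HandleUnauthorizedRequest
    /// needs to be overridden.
    /// </summary>
    /// <param name="actionContext">Context of the action being invoked.</param>
    /// <returns>true when a token is present and valid; false otherwise.</returns>
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        try
        {
            // HttpContext.Current exists only under System.Web (IIS) hosting; it is null
            // in a self-hosted pipeline. Fail closed rather than throw in that case.
            HttpContext current = HttpContext.Current;
            if (current == null)
            {
                return false;
            }

            HttpRequestBase request = new HttpContextWrapper(current).Request;

            // Params merges query string, form body, cookies and server variables; a token
            // on the URL will show up in web server and proxy logs.
            string token = request.Params[TokenParameterName];
            if (string.IsNullOrEmpty(token))
            {
                return false;
            }

            return ValidatingTokens.IsTokenValid(token, CommonManager.GetIP(request), request.UserAgent);
        }
        catch (Exception)
        {
            // Fail closed on any validation error; the exception is dropped, so add logging
            // if diagnosing rejected requests matters.
            return false;
        }
    }
}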
Tasos K. On

Assuming that you derive from System.Web.Http.AuthorizeAttribute, you need to override this method:

protected override bool IsAuthorized(HttpActionContext actionContext)
{
    // Return true to let the request reach the action, or false to have the base class reject it.
}

I believe that overriding OnAuthorization is not necessary (you can keep it if you need it), so your code example would look like this:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using MyWebsite.Repository;

namespace MyWebsite.API.Attributes
{
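    /// <summary>
    /// Web API authorization filter: a request is accepted only when the security token it
    /// carries is valid for the caller's IP address and user agent according to
    /// <see cref="ISecurityRepository"/>.
    /// </summary>
    /// <remarks>
    /// Derives from System.Web.Http.AuthorizeAttribute, so it is applied to ApiController
    /// actions; the System.Web.Mvc attribute of the same name is not part of that pipeline.
    /// </remarks>
    public class RESTAuthorizeAttribute : AuthorizeAttribute
    {
        // Name of the request parameter carrying the security token.
        private const string TokenParameterName = "token";

        private readonly ISecurityRepository _repository;

        /// <summary>Creates the filter with the default <see cref="SecurityRepository"/>.</summary>
        public RESTAuthorizeAttribute()
            : this(new SecurityRepository())
        {
        }

        /// <summary>Creates the filter with an explicit repository (useful for tests).</summary>
        /// <param name="repository">Validates tokens and resolves the client IP address.</param>
        /// <exception cref="ArgumentNullException"><paramref name="repository"/> is null.</exception>
        public RESTAuthorizeAttribute(ISecurityRepository repository)
        {
            if (repository == null)
            {
                throw new ArgumentNullException("repository");
            }

            _repository = repository;
        }

        /// <summary>
        /// This function actually decides whether this request will be accepted or not.
        /// The base class calls it from OnAuthorization (after honouring [AllowAnonymous])
        /// and responds with 401 itself when it returns false.
        /// </summary>
        /// <param name="actionContext">Context of the action being invoked.</param>
        /// <returns>true when a token is present and valid; false otherwise.</returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            try
            {
                // HttpContext.Current is only available under System.Web (IIS) hosting;
                // it is null when self-hosted. Fail closed in that case.
                HttpContext current = HttpContext.Current;
                if (current == null)
                {
                    return false;
                }

                HttpRequestBase request = new HttpContextWrapper(current).Request;

                // Params merges query string, form body, cookies and server variables; a token
                // on the URL will show up in web server and proxy logs.
                string token = request.Params[TokenParameterName];
                if (string.IsNullOrEmpty(token))
                {
                    return false;
                }

                string ip = _repository.GetIP(request);
                return _repository.IsTokenValid(token, ip, request.UserAgent);
            }
            catch (Exception)
            {
                // Any validation failure is treated as "not authorized"; the exception is
                // dropped, so add logging if rejected requests need to be diagnosed.
                return false;
            }
        }
    }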
}