TechQA.

MVC override AllowAnonymous attribute

7k views Asked by At

Is there a way to override AllowAnonymous attribute? I have implemented custom authorization that loads user menus & buttons from database as below:

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new MyCustomAuthorization()); // Custom Authorization for Rights & Priveleges
}

The above works fine.

Now I want to allow access to some action if a user is authenticated, no need to check authorization in this case. Example:

[Authorize]
public class MenusAndButtonsController : BaseController
{
    [Authenticated] // my custom attribute that will check if user is logged in or not
    public JsonResult GetGeneralMenuAndButtons()
    {
        using (MealPlannerAuthorizationEntities repository = new MealPlannerAuthorizationEntities())
        {
            var MenusAndButtons = repository.MP_AUTH_Menus.Where(x => x.IsButton == false && x.IsListButton == false).Select(c => new { DisplayText = c.MenuName, Value = c.MenuId }).OrderBy(x => x.DisplayText).ToList();
            return Json(new { Result = "OK", Options = MenusAndButtons }, JsonRequestBehavior.AllowGet);
        }
    }
}

Instead of AllowAnonymous, I am trying to create my own custom attribute [Authenticated] that will check if the user is logged in or not. If user is logged in it will return true and the GetGeneralMenuAndButtons will continue its operation.

asp.net-mvc-4 authentication custom-attributes filterattribute
Original Q&A
1

There are 1 answers

0
suomi-dev On BEST ANSWER

Actually AllowAnonymous class is simple empty sealed attribute class.

So when we decorate an action method with AllowAnonymous attribute, the onAuthorization method of AuthorizeAttribute simply ignores authorization and authentication checking. So in my case I also had to create an attribute (a blank sealed class inheriting from attribute class) and modify the OnAuthorization method little bit.

Below is the complete implementation:

public sealed class AuthenticateAttribute : Attribute
{
    public AuthenticateAttribute() { }
}

Then override the onAuthorization method of Authorize attribute (of course I am assuming you already have custom authorization filter implemented).

public override void OnAuthorization(AuthorizationContext filterContext)
{
    bool IsAuthenticAttribute =
        (filterContext.ActionDescriptor.IsDefined(typeof(AuthenticateAttribute), true) ||
        filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AuthenticateAttribute), true)) &&
        filterContext.HttpContext.User.Identity.IsAuthenticated;

    if (!IsAuthenticAttribute)
    {
        base.OnAuthorization(filterContext);
    }
}

Finally decorate your action method with our new Authenticate attribute:

[Authenticate]
public JsonResult GetParentMenus()
{
    using (MealPlannerAuthorizationEntities repository = new MealPlannerAuthorizationEntities())
    {
        var parentMenus = repository.MP_AUTH_Menus.Where(x => x.IsButton == false && x.IsListButton == false).Select(c => new { DisplayText = c.MenuName, Value = c.MenuId }).OrderBy(x => x.DisplayText).ToList();
        return Json(new { Result = "OK", Options = parentMenus }, JsonRequestBehavior.AllowGet);
    }
}

Related Questions in ASP.NET-MVC-4

Related Questions in AUTHENTICATION

Related Questions in CUSTOM-ATTRIBUTES

Related Questions in FILTERATTRIBUTE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions