Custom authorization attribute not working in WebAPI
31,726
Solution 1
- Looks like you are using an MVC filter instead of a Web API filter. It can be detected in the sample because it uses
HttpContextBase
. Instead use the filter from theSystem.Web.Http.Filters
namespace. - You need to override OnAuthorization or OnAuthorizationAsync on the Web API filter.
- You don't need to register a global filter and decorate your controller with it. Registering it will make it run for all controllers.
Web API filter code: https://github.com/aspnetwebstack/aspnetwebstack/blob/master/src/System.Web.Http/Filters/AuthorizationFilterAttribute.cs
Solution 2
YOur custom attribute should inherit from System.Web.Http.Filters.AuthorizationFilterAttribute
and it should look like this
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
public class CustomAuthorizeAttribute : System.Web.Http.Filters.AuthorizationFilterAttribute
{
public override bool AllowMultiple
{
get { return false; }
}
public override void OnAuthorization(HttpActionContext actionContext)
{
//Perform your logic here
base.OnAuthorization(actionContext);
}
}
Solution 3
Try with this.
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
{
return true;
}
}
Solution 4
To add onto the other answers that have you inherit from System.Web.Http.Filters.AuthorizationFilterAttribute
, I put this into my OnAuthorization
method to make sure the user was logged in:
if (!actionContext.RequestContext.Principal.Identity.IsAuthenticated)
{
// or whatever sort you want to do to end the execution of the request
throw new HttpException(403, "Forbidden");
}
Author by
b_in_U
'I have always been a learner because I knew nothing...' -Sidney Poitier-
Updated on July 09, 2022Comments
-
b_in_U almost 2 years
public class CustomAuthorizeAttribute : AuthorizationFilterAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { return true;// if my current user is authorised } }
Above is my CustomAuthorizeAttribute Class and
[CustomAuthorize] // both [CustomAuthorize] and [CustomAuthorizeAttribute ] I tried public class ProfileController : ApiController { //My Code.. }
When I'm calling
http://localhost:1142/api/Profile
It is not firing
CustomAuthorizeAttribute
More over My FilterConfig class is look like below
public class FilterConfig { public static void RegisterGlobalFilters(GlobalFilterCollection filters) { filters.Add(new CustomAuthorizeAttribute()); } }
Please help if I miss something.