Custom authorization attribute not working in WebAPI


Solution 1

  1. Looks like you are using an MVC filter instead of a Web API filter. It can be detected in the sample because it uses HttpContextBase. Instead use the filter from the System.Web.Http.Filters namespace.
  2. You need to override OnAuthorization or OnAuthorizationAsync on the Web API filter.
  3. You don't need to register a global filter and decorate your controller with it. Registering it will make it run for all controllers.

Web API filter code: https://github.com/aspnetwebstack/aspnetwebstack/blob/master/src/System.Web.Http/Filters/AuthorizationFilterAttribute.cs

Solution 2

Your custom attribute should inherit from System.Web.Http.Filters.AuthorizationFilterAttribute

and it should look like this

using System.Web.Http.Controllers;
using System.Web.Http.Filters;
public class CustomAuthorizeAttribute : System.Web.Http.Filters.AuthorizationFilterAttribute
{   
    public override bool AllowMultiple
    {
        get { return false; }
    }

    public override void OnAuthorization(HttpActionContext actionContext)
    {
        //Perform your logic here
        base.OnAuthorization(actionContext);
    }
}

Solution 3

Try with this.

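using System.Web.Http; // the Web API AuthorizeAttribute, not the one in System.Web.Mvc

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // Placeholder: returning true authorizes every request; put the real check here.
        return true;
    }
}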

Solution 4

To add onto the other answers that have you inherit from System.Web.Http.Filters.AuthorizationFilterAttribute, I put this into my OnAuthorization method to make sure the user was logged in:

if (!actionContext.RequestContext.Principal.Identity.IsAuthenticated)
{
     // or whatever sort you want to do to end the execution of the request
     throw new HttpException(403, "Forbidden");
} 
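
An added example, not part of any answer above and not the ASP.NET project's own code: a Web API authorization filter that fails closed by setting the response instead of throwing, together with the Web API global registration that replaces the MVC `FilterConfig` from the question. The role name `ProfileReader` and the error messages are hypothetical.

```csharp
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Web API filter: the base class comes from System.Web.Http.Filters, not System.Web.Mvc.
public class CustomAuthorizeAttribute : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // Honor [AllowAnonymous] on the action or its controller, like the built-in AuthorizeAttribute.
        bool anonymous =
            actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any() ||
            actionContext.ControllerContext.ControllerDescriptor
                         .GetCustomAttributes<AllowAnonymousAttribute>().Any();
        if (anonymous) return;

        var principal = actionContext.RequestContext.Principal;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
        {
            // Fail closed: once Response is set, the pipeline stops and the action never runs.
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Unauthorized, "Authentication required.");
            return;
        }

        // Assumption: "ProfileReader" is a hypothetical role used only for this example.
        if (!principal.IsInRole("ProfileReader"))
        {
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Forbidden, "Access denied.");
        }
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API global filters are added to HttpConfiguration.Filters;
        // MVC's GlobalFilterCollection is never consulted for ApiController requests.
        config.Filters.Add(new CustomAuthorizeAttribute());
        // Route configuration omitted.
    }
}
```

With the global registration in place, the `[CustomAuthorize]` attribute on individual controllers is redundant; use one or the other.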
Author by

b_in_U

Updated on July 09, 2022

Comments

  • b_in_U almost 2 years
     public class CustomAuthorizeAttribute : AuthorizationFilterAttribute
     {  
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
           return true;// if my current user is authorised
        }
     }
    

    Above is my CustomAuthorizeAttribute Class and

    [CustomAuthorize] // both [CustomAuthorize] and [CustomAuthorizeAttribute ] I tried 
    public class ProfileController : ApiController
    {
       //My Code..
    }
    

    When I'm calling

    http://localhost:1142/api/Profile 
    

    It is not firing CustomAuthorizeAttribute.

    Moreover, my FilterConfig class looks like below:

    public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {            
            filters.Add(new CustomAuthorizeAttribute());
        }
    }
    

    Please help if I miss something.