Custom Authorization Filter in .NET Core API
You should not set the filterContext.Result if the request is successfully authorize.
//
// Summary:
// A context for authorization filters i.e. Microsoft.AspNetCore.Mvc.Filters.IAuthorizationFilter
// and Microsoft.AspNetCore.Mvc.Filters.IAsyncAuthorizationFilter implementations.
public class AuthorizationFilterContext : FilterContext
{
//
// Summary:
// Gets or sets the result of the request. Setting Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext.Result
// to a non-null value inside an authorization filter will short-circuit the remainder
// of the filter pipeline.
public virtual IActionResult Result { get; set; }
}
You only need to set Result when it's failed.
public class Authorization: AuthorizeAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationFilterContext filterContext)
{
if (!ValidateToken(filterContext.HttpContext.Request.Headers["token"]))
{
filterContext.Result = new UnauthorizedResult();
}
}
}
Shreyas Pednekar
Updated on June 04, 2022Comments
-
Shreyas Pednekar almost 2 years
I want to authorize users before accessing any data using my core api, so I tried is using JWT authentication. I have successfully generated token while signing in user using api and saved that token on client side in session, now whenever user wants to access any data using api, I'll send that token in header to api and I want to validate that JWT token using custom authorization filter. I have created custom authorization filter and applied it on my GetMenu api and I'm able to validate that token successfully but after token validation in authorization filter it is not hitting it on my GetMenu api.
Here is my AccountController code:
[Filters.Authorization] [AllowAnonymous] [HttpPost] [Route("GetMenu")] public IActionResult GetMenu(string clientid, int rolecode, string repcode) { //further process }Here is my Filters.Authorization code:
public class Authorization: AuthorizeAttribute, IAuthorizationFilter { public void OnAuthorization(AuthorizationFilterContext filterContext) { if (!ValidateToken(filterContext.HttpContext.Request.Headers["token"])) { filterContext.Result = new UnauthorizedResult(); } } }I have breakpoints on OnAuthorization method and on GetMenu api. I'm calling my GetMenu api through postman to test, it is successfully hitting it on OnAuthorization method in Filters.Authorization and validating my JWT Token and displays Status Code: 200 in postman but after successful token validation it should hit on GetMenu api for further data processing but it is not hitting. What can be the issue? what am i missing? please help.
-
Mark Fitzpatrick about 5 yearsI think it's because you're explicitly setting an OkResult and that's ending processing as it's now returning that result.
-
Shreyas Pednekar about 5 yearsWhat should I write there?
-
Mark Fitzpatrick about 5 yearsHave you tried just letting it fall through? If it's not validated you want it to return unauthorized, but if it's ok you want it to just continue going.
-
Shreyas Pednekar about 5 yearsI want to continue this to my api for further data access, but it is not hitting in api after validation
-
Mark Fitzpatrick about 5 yearsYes, you're telling it not to. try commenting out the return OkResult. You're literally returning an actionresult right there. You're handling the negative result, which is what primarily matters. If the validation fails you want to kill with an unauthorized result, which you are doing.
-
MrKobayashi about 5 yearsas well as simply returning you could also maybe return a ChallengResult in the event of an anonymous user coming into the app
-
-
Shreyas Pednekar about 5 yearsI tried your solution now it is giving me Status Code 401 Unauthorized even after filter is validating my token successfully, what can be the issue now?
-
Shreyas Pednekar about 5 yearsI tried setting [AllowAnonymous] on my GetMenu controller now it is hitting on GetMenu after validating token in auth filter, but is this correct way?
-
Edward about 5 years@ShreyasPednekar Check whetherValidateToken(filterContext.HttpContext.Request.Headers["token"])return true. -
Shreyas Pednekar about 5 yearsYes it does return true
-
Edward about 5 years@ShreyasPednekar Remove
[AllowAnonymous]and[Filters.Authorization], will the method be hit? -
Shreyas Pednekar about 5 yearsYes it does hit even after removing [AllowAnonymous], but it shows Status 401 Unauthorized
-
Edward about 5 years@ShreyasPednekar Is there any demo to reproduce your issue?
-
Shreyas Pednekar about 5 yearsYes if we remove [AllowAnonymous] from GetMenu controller, it will reproduce that issue
