• [Repost] How to override HandleUnauthorizedRequest in ASP.NET Core


    This article is reposted from: http://quabr.com/40446028/how-to-override-handleunauthorizedrequest-in-asp-net-core

    I'm migrating my project to ASP.NET Core and I'm stuck migrating my CustomAuthorization attribute for my controllers. Here is my code.

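    using System;
    using System.Linq;
    using System.Web.Mvc;

    // ASP.NET MVC 5 (System.Web.Mvc) attribute that is being migrated.
    public class CustomAuthorization : AuthorizeAttribute
    {
        // Login page that unauthenticated users are redirected to.
        public string Url { get; set; }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                // Not signed in: redirect to the login page. The return URL is escaped
                // so that its own query string survives as a single parameter value.
                filterContext.Result = new RedirectResult(Url + "?returnUrl=" + Uri.EscapeDataString(filterContext.HttpContext.Request.Url.PathAndQuery));
            }
            else if (!Roles.Split(',').Any(filterContext.HttpContext.User.IsInRole))
            {
                // Signed in, but in none of the required roles: show the denial view.
                filterContext.Result = new ViewResult
                {
                    ViewName = "AcessDenied"
                };
            }
            else
            {
                base.HandleUnauthorizedRequest(filterContext);
            }
        }
    }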
    

    Then I used it on my controllers:

    [CustomAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]
    public abstract class AdminController : Controller { }
    

    So, basically, I can use it to redirect to a different login page when the roles are not met. I have a few areas and each of them has a different login page. I tried using CookieAuthenticationOptions like this:

    services.Configure<CookieAuthenticationOptions>(options =>
    {
        options.AuthenticationScheme = "Admin";
        options.LoginPath = "/Admin/Account/Login";
    });
    

    Then on my admin controller:

    [Area("Admin")]
    [Authorize(ActiveAuthenticationSchemes = "Admin", Roles = "Admin")]
    

    But after I log in, it still can't get in.

    1 answer

    • answered 2016-11-06 13:17 Darkonekt

      I am doing something similar in one of my projects. This answer is NOT using AuthorizeAttribute, but it might help someone landing here from a Google search. In my case I am using it to authorize based on custom logic.

      First my custom attribute class:

      public class CustomAuthorizationAttribute : ActionFilterAttribute
      {
          private readonly IMyDepedency _dp;
          public CustomAuthorizationAttribute(IMyDepedency dp)
          {
              _dp = dp;
          }
          public override void OnActionExecuting(ActionExecutingContext context)
          {
              var isValid = false;
              // write my validation and authorization logic here
              if(!isValid)
              {
                  var unauthResult = new UnauthorizedResult();
      
                  context.Result = unauthResult;                
              }
      
              base.OnActionExecuting(context);
          }
      }
      

      I decorate my controllers like this:

      [ServiceFilter(typeof (CustomAuthorizationAttribute))]
      

      Then in my Startup class

      public void ConfigureServices(IServiceCollection services)
      {
          // Add framework services.
          services.AddMvc();

          // my other stuff that is not relevant in this post

          // Security
          services.AddTransient<CustomAuthorizationAttribute>();
      }
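
The redirect-or-deny behaviour of the question's attribute can also be expressed in ASP.NET Core as an authorization filter, which runs before model binding and action filters. This is an added example, not code from the question or the answer; the class name `AreaAuthorizeAttribute` is hypothetical, and it assumes the ASP.NET Core 1.x/2.x MVC filter pipeline used on this page.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical name; mirrors the Url/Roles properties of the question's attribute.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AreaAuthorizeAttribute : Attribute, IAuthorizationFilter
{
    public string Url { get; set; }     // login page for this area
    public string Roles { get; set; }   // comma-separated; any one role is enough

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // Honour [AllowAnonymous] (e.g. on the login action itself), otherwise the
        // login page would redirect to itself. Assumes MVC has added its
        // IAllowAnonymousFilter to the filter list, as the 1.x/2.x pipeline does.
        if (context.Filters.Any(f => f is IAllowAnonymousFilter))
            return;

        var user = context.HttpContext.User;
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
        {
            // Not signed in: send to the area's login page. The return URL is built
            // from the current request and escaped so its own query string survives.
            var req = context.HttpContext.Request;
            var returnUrl = $"{req.PathBase}{req.Path}{req.QueryString}";
            context.Result = new RedirectResult(
                Url + "?returnUrl=" + Uri.EscapeDataString(returnUrl));
            return;
        }

        var required = (Roles ?? string.Empty)
            .Split(',').Select(r => r.Trim()).Where(r => r.Length > 0).ToArray();
        if (required.Length > 0 && !required.Any(user.IsInRole))
        {
            // Signed in but lacking every required role: render the denial view
            // (view name as in the question) with a 403 instead of a 200.
            context.Result = new ViewResult { ViewName = "AcessDenied", StatusCode = 403 };
        }
        // Leaving context.Result unset lets the request continue to the action.
    }
}

// Usage, as in the question:
// [AreaAuthorize(Url = "/Admin/Account/Login", Roles = "Admin")]
// public abstract class AdminController : Controller { }
```

The filter only sees a populated `HttpContext.User` if the cookie authentication middleware has already authenticated the request. The login action that receives `returnUrl` should check it with `Url.IsLocalUrl` before redirecting, since that query parameter can be supplied by anyone.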
      
  • Original address: https://www.cnblogs.com/freeliver54/p/6259282.html