Reputation: 1104
In my C# MVC4 application I am using Forms Based Authentication with Active Directory. I have a custom AD membership provider. I have tested successfully that it can read and verify which groups a user belongs to. Now, I'm trying to create a custom authorize attribute which will do the following:
    if (user is logged-in/not timed-out/authenticated)
    {
        if (user's role is equal to role 1 or role 2)
        {
            return a specific view or (preferably) perform a specific redirect to action
        }
        else
        {
            return a different specific view or (preferably) perform a different specific redirect to action
        }
    }
    else
    {
        return View
    }
Here is what I have so far:
    using System.Web;
    using System.Web.Mvc;

    public class AuthorizeEditAttribute : AuthorizeAttribute
    {
        // Returns true only for an authenticated user in group1 or group2.
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext.Request.IsAuthenticated)
            {
                if ((httpContext.User.IsInRole("group1")) || (httpContext.User.IsInRole("group2")))
                {
                    return true;
                }
                else
                {
                    return false;
                }
            }
            else
            {
                return false;
            }
        }
    }
I can't figure out how to also perform the redirect tasks. I've looked at this post, which discusses how to do a redirect, but I don't understand how I can integrate this with what I have so far. Specifically because I believe I have to use AuthorizeCore to get access to httpContext.User for the first check I perform, and I do not know how to pass in another parameter of type AuthorizationContext needed to do what appears to be passing along the desired path for the redirect.
Upvotes: 0
Views: 959
Reputation: 7590
I think you should also overwrite the OnAuthorization method. This has an AuthorizationContext parameter that may allow you to set the Result to a RedirectResult of your liking...
Upvotes: 1
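One way to combine the question's role check with a redirect set through an AuthorizationContext, as the answer suggests; this is an added example, not code from either poster. It overrides HandleUnauthorizedRequest instead of OnAuthorization so that the base class's OnAuthorization, including its output-cache validation, still runs. The DeniedController/DeniedAction properties and the "Home"/"AccessDenied" target are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

public class AuthorizeEditAttribute : AuthorizeAttribute
{
    // Hypothetical redirect target for logged-in users who lack the role.
    public string DeniedController { get; set; }
    public string DeniedAction { get; set; }

    public AuthorizeEditAttribute()
    {
        DeniedController = "Home";      // assumed controller name
        DeniedAction = "AccessDenied";  // assumed action name
    }

    // Decision only: authenticated AND member of group1 or group2.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        var user = httpContext.User;
        return user != null
            && user.Identity.IsAuthenticated
            && (user.IsInRole("group1") || user.IsInRole("group2"));
    }

    // The base OnAuthorization calls this when AuthorizeCore returns false.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated)
        {
            // Logged in but in the wrong group: redirect explicitly. A plain
            // 401 here would make forms authentication bounce the user back
            // to the login page even though they are already signed in.
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    { "controller", DeniedController },
                    { "action", DeniedAction }
                });
        }
        else
        {
            // Not logged in: keep the default 401, which forms
            // authentication turns into a redirect to the login URL.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}
```

The redirect target action must not carry this attribute itself, or a user without the role would be redirected in a loop.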