Reputation: 5756
Custom authorization per action call in Web API
I need to grant permissions for users to call exact actions. And also each permission rule can contain validation rules for action arguments:
[CustomAuth]
public MyController : ApiController
{
[ValidateAccess, ActionName("Myaction")]
public void MyAction([MyTypeAccess] MyType myType)
{
}
}
In my logic i need to check can user call this action and can he call this action with passed MyType value (custom validation). At the moment i dont see how to get attributes from custom AuthorizeAttribute and i see the solution with Castle interceptors, i'm using for my another purposes (from invocation info).. Is there a standard way to implement this custom authorization?
Upvotes: 1
Views: 219
Answers (1)
Reputation: 5756
Didn't find any direct solution in Web API for this issue.
As i'm using Castle interceptors, i've added a new interceptor on all controllers, which are support auth. Interceptor provide access to invocation and you can retrieve any attribute and value passed to the controller/action.
Validation attribute on an action says you need to apply validation routines on this call, ActionName identifies the type of call (if necessary, in a future this will be moved to an own attribute as action name can differ in legacy controllers for old versions).
If you need to validate action parameters there set of attributes you can use, which identify the type of argument and validation algorithm.
Upvotes: 1
Related Questions
- Custom Policy-Based Authorization in ASP.NET Framework
- Custom authorizations in Web.API
- Custom Authorization in Asp.net WebApi - what a mess?
- Authenticate WEB API request with action params
- ASP.Net MVC Custom Authorization for Web API
- How to implement custom role based authorization in ASP.Net MVC
- How to separate authorization logic from controller action?
- Custom Authorize for both action and api calls?
- Authorisation Action Filters for WebAPI
- Authorize request in ASP.NET Web API based on specific user