Kenneth Avecilla


Custom Authorize Attribute in Web API

I want to create a custom authorization attribute for my Web API controllers that checks the user's roles and whether the user is active. This is my code so far; I don't yet know which methods to override or what to put in them.

using Avanza.Conference.Persistence;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

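namespace Avanza.Conference.Core.Extensions
{
    /// <summary>
    /// Authorization filter that admits a request only when the caller is authenticated,
    /// satisfies the Roles/Users configured on the attribute, and passes the
    /// active-account check in <see cref="IsActiveUser"/>.
    /// </summary>
    /// <remarks>
    /// Every path fails closed: anything that cannot be positively verified is rejected.
    /// </remarks>
    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        // Deliberately no ApplicationDbContext field. Filter attribute instances can be
        // reused across concurrent requests, and ApplicationDbContext (presumably an
        // Entity Framework context - confirm) is not safe to share or keep alive that
        // way. Create it per call inside a using block where the lookup happens.

        /// <summary>
        /// Entry point called by Web API before the action runs.
        /// </summary>
        /// <param name="actionContext">The context of the action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // The base implementation honours [AllowAnonymous], then calls IsAuthorized
            // and, when that returns false, HandleUnauthorizedRequest. Delegating keeps
            // that behaviour instead of re-implementing part of it.
            base.OnAuthorization(actionContext);
        }

        /// <summary>
        /// Decides whether the current request may proceed.
        /// </summary>
        /// <param name="actionContext">The context of the action being authorized.</param>
        /// <returns><c>true</c> only when every check passes.</returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            return AuthorizeRequest(actionContext);
        }

        /// <summary>
        /// Writes the 401 challenge response for a rejected request.
        /// </summary>
        /// <param name="actionContext">The context of the rejected action.</param>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            // Short-circuit by setting the response rather than throwing, which is how
            // the base AuthorizeAttribute reports a rejection.
            var challengeMessage = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);

            // NOTE(review): the challenge scheme should match the authentication scheme
            // the API actually uses; "Basic" is kept from the original code.
            challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
            actionContext.Response = challengeMessage;
        }

        /// <summary>
        /// Runs the role check and then the active-user check.
        /// </summary>
        /// <param name="actionContext">The context of the action being authorized.</param>
        /// <returns><c>true</c> when the caller is authenticated, in an allowed role and active.</returns>
        private bool AuthorizeRequest(HttpActionContext actionContext)
        {
            // base.IsAuthorized requires an authenticated principal and enforces the
            // Roles and Users properties, e.g. [CustomAuthorize(Roles = "Admin")].
            if (!base.IsAuthorized(actionContext))
            {
                return false;
            }

            // RequestContext.Principal is the Web API 2 accessor - confirm the project targets it.
            var principal = actionContext.RequestContext.Principal;
            return IsActiveUser(principal.Identity.Name);
        }

        /// <summary>
        /// Reports whether the named account is active.
        /// </summary>
        /// <param name="userName">Identity name of the authenticated caller.</param>
        /// <returns><c>false</c> until the lookup below is implemented.</returns>
        private bool IsActiveUser(string userName)
        {
            if (string.IsNullOrEmpty(userName))
            {
                return false;
            }

            // TODO: look the account up with a context created for this call, e.g.
            //   using (var db = new ApplicationDbContext()) { ... }
            // and return its active flag. The ApplicationDbContext schema is not shown
            // here, so the query is left out. Until it exists this denies every caller
            // rather than silently authorizing them.
            return false;
        }
    }
}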


Answers (1)

Sulay Shah


Here is the sample you asked for. It checks that the request contains the authenticationToken header and only then allows the request to execute. Here you can also check whether your session is available, to determine whether the user is logged in.

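/// <summary>
/// Authorization filter that lets a request through only when it carries an
/// <c>authenticationToken</c> header equal to the token persisted for the caller.
/// </summary>
public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    private const string TokenHeaderName = "authenticationToken";

    /// <summary>Creates the filter without a resource/action pair.</summary>
    public CustomAuthorize()
    {
    }

    /// <summary>Creates the filter for a specific resource and action.</summary>
    /// <param name="resource">Name of the protected resource.</param>
    /// <param name="action">Name of the action requested on that resource.</param>
    public CustomAuthorize(string resource, string action)
    {
        Resource = resource;
        Action = action;
    }

    /// <summary>Resource this attribute instance guards; null when not supplied.</summary>
    protected string Resource { get; private set; }

    /// <summary>Action this attribute instance guards; null when not supplied.</summary>
    protected string Action { get; private set; }

    /// <summary>
    /// Runs the base authorization, then validates the <c>authenticationToken</c> header.
    /// </summary>
    /// <param name="actionContext">The context of the action being authorized.</param>
    public override void OnAuthorization(
        System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        base.OnAuthorization(actionContext);

        // The base filter reports a rejection by setting Response; keep that result
        // instead of overwriting it with the token outcome.
        if (actionContext.Response != null)
        {
            return;
        }

        // Headers.GetValues throws when the header is absent (it never returns null),
        // so probe with TryGetValues.
        System.Collections.Generic.IEnumerable<string> headerValues;
        if (!actionContext.Request.Headers.TryGetValues(TokenHeaderName, out headerValues))
        {
            actionContext.Response =
                actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
            actionContext.Response.ReasonPhrase = "Please provide valid inputs";
            return;
        }

        string authenticationToken = headerValues.FirstOrDefault();
        string authenticationTokenPersistant = GetPersistedToken(actionContext);

        // An empty value on either side is a rejection; otherwise a missing stored
        // token compared with an empty header would count as a match.
        if (string.IsNullOrEmpty(authenticationToken)
            || string.IsNullOrEmpty(authenticationTokenPersistant)
            || !FixedTimeEquals(authenticationTokenPersistant, authenticationToken))
        {
            // The token is not echoed back: a credential in a response header can end
            // up in proxy and server logs.
            // HttpContext.Current assumes System.Web (IIS) hosting - confirm.
            HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
            return;
        }

        // Checks that depend on Resource and Action belong here, after the token has
        // been verified.
        HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
    }

    /// <summary>
    /// Returns the token stored for the caller, or null when there is none.
    /// </summary>
    /// <param name="actionContext">The context of the action being authorized.</param>
    /// <returns>Null by default, so every request is rejected until this is overridden.</returns>
    protected virtual string GetPersistedToken(
        System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // TODO: load the token persisted in the data store for this specific user.
        return null;
    }

    /// <summary>
    /// Compares two tokens without stopping at the first differing character.
    /// </summary>
    private static bool FixedTimeEquals(string expected, string actual)
    {
        int difference = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
        {
            difference |= expected[i] ^ actual[i];
        }

        return difference == 0;
    }
}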
