Reputation: 33
I'm trying to use a custom Authorize attribute in my application to handle requests from Clients and Administrators.
I've used the same approach in a different application where the only difference was the authentication type, one being Microsoft Account based and this one being Federated Services based.
I've set a breakpoint in my override of the AuthorizeCore method. My problem is that this is only getting fired once, when the user tries to access the application for the first time; it will then redirect the user to the login page. After this it does not get fired again. I need it to fire every time a user accesses the controller/action so we can check if the user has the correct role, which in my understanding is what the Authorize attribute is for.
My code:
    using System;
    using System.Linq;
    using System.Web;
    using System.Web.Mvc;

    public class AuthorizeUserAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// The Role required by the Action or Controller
        /// </summary>
        public UserRole RequireRole { get; set; }

        /// <summary>
        /// Authorization Logic
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            //Result = new AuthorizationResult();
            bool isAuthorized = base.AuthorizeCore(httpContext);
            if (isAuthorized)
            {
                using (ApplicationDbContext context = new ApplicationDbContext())
                {
                    ApplicationUser user = context.ApplicationUsers.FirstOrDefault(u => u.EmailAddress.Equals(httpContext.User.Identity.Name, StringComparison.OrdinalIgnoreCase));
                }
                // ... Check if user has the required role
            }
            return isAuthorized;
        }

        /// <summary>
        /// Redirect the user
        /// </summary>
        /// <param name="filterContext"></param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            // Handle the request if the user does not have the required role
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
I'm using the attribute as follows:

    [AuthorizeUser(RequireRole = Core.Models.Users.UserRole.User)]
    public ActionResult Index()
    {
        return View();
    }
Any help will be appreciated. Thanks
Upvotes: 1
Views: 1447
Reputation: 33
I feel like kicking myself having to admit this one.
My code was working perfectly. The issue was that the authentication provider redirects me to my https site after it has been authenticated; what I didn't realise was the port where it redirects me. The port it was redirecting to was the test application in my IIS and not the dev application in my IIS Express. Doh!
Upvotes: 1
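For the per-request role check the question describes, here is one way to write such an attribute, as an added example that is not the poster's code. It assumes the required role is visible on the principal (for example as a role claim issued by the federation provider) rather than looked up in a database, and `RoleAuthorizeAttribute`, the string-typed `RequireRole` and `DeniedKey` are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Added example; hypothetical names, not the poster's AuthorizeUserAttribute.
public class RoleAuthorizeAttribute : AuthorizeAttribute
{
    // Per-request marker. Attribute instances can be reused across requests,
    // so nothing request-specific is stored in instance fields.
    private const string DeniedKey = "RoleAuthorize.Denied";

    /// <summary>Role required by the action or controller.</summary>
    public string RequireRole { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Anonymous users fail here and take the normal 401 / login redirect path.
        if (!base.AuthorizeCore(httpContext)) return false;

        // Assumption: the principal carries its roles, so IsInRole can answer.
        if (string.IsNullOrEmpty(RequireRole) || httpContext.User.IsInRole(RequireRole))
            return true;

        // Signed in but lacking the role: remember why we are refusing.
        httpContext.Items[DeniedKey] = true;
        return false;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Items.Contains(DeniedKey))
        {
            // 403 instead of 401: a 401 would send an already signed-in user
            // back to the identity provider, which returns them straight here.
            filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
            return;
        }

        // Not authenticated: default behaviour (401, then redirect to login).
        base.HandleUnauthorizedRequest(filterContext);
    }
}
```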