CODEWITHSUNDEEP
c#asp.net-web-api
BenW
BenW

Reputation: 1453

Webapi 2 custom authorisation does not execute the method

I have created a custom authorisation class to validate the user token. This is web api 2.

Problem is, custom authorisation validate the token but does not execute the method in the controller after. It should execute the user method in the controller after validate the token. I have debug the code and I can see the authorisation token get validated properly but not executing the method and simply return 200.

Can anyone help ? (I am new to this)

custom authorisation class code:

public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
    {
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            base.OnAuthorization(actionContext);


            if (actionContext.Request.Headers.Authorization.Parameter != null)
            {
                string authenticationToken = Convert.ToString(actionContext.Request.Headers.Authorization.Parameter);
                PartnerUserProfile user = new PartnerUserProfile();
                user = user.validate_token(authenticationToken);

                if (user.recordref > 0) //above user has some content and matches the token from validate_token method. it wil be blank if not
                {


                    return;

                }
                else
                {
                    HttpContext.Current.Response.AddHeader("Bearer", authenticationToken);
                    HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
                    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
                    return;
                }
            }

            actionContext.Response =  actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
            actionContext.Response.ReasonPhrase = "Please provide valid inputs";
            return;

        }

    }

and my controller is below this will never get executed.

   [HttpPost]
    [CustomAuthorize]
    public IHttpActionResult user(PartnerUserProfile user) //setUser
    {
        ReturnData rd = user.setPartnerUserProfile();
        if (rd.status == 0)
        {
            return BadRequest("Invalid");
        }
        return Ok(rd);
    }

Upvotes: 0

Views: 56

Answers (1)

hatcyl
hatcyl

Reputation: 2352

When you assign a value to Response, it short circuits and returns right away. The controller logic will only execute if you do not short-circuit (a response is set in an Filter).

https://learn.microsoft.com/en-us/aspnet/core/mvc/controllers/filters?view=aspnetcore-2.1#cancellation-and-short-circuiting

Upvotes: 1

Related Questions