本文转自:http://quabr.com/40446028/how-to-override-handleunauthorizedrequest-in-asp-net-core
I‘m migrating my project to asp.net core and I‘m stuck in migrating my CustomAuthorization attribute for my controllers. Here is my code.
public class CustomAuthorization : AuthorizeAttribute
{
public string Url { get; set; }
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Result = new RedirectResult(Url + "?returnUrl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
}
else if (!Roles.Split(‘,‘).Any(filterContext.HttpContext.User.IsInRole))
{
filterContext.Result = new ViewResult
{
ViewName = "AcessDenied"
};
}
else
{
base.HandleUnauthorizedRequest(filterContext);
}
}
}
then i used it to my controllers
[CustomAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]
public abstract class AdminController : Controller { }
so, basically i can use it to redirect to different login page when roles is not met. I have few areas and each of them have different login page. I tried using the CookieAuthenticationOptions like this
services.Configure<CookieAuthenticationOptions>(options =>
{
options.AuthenticationScheme = "Admin";
options.LoginPath = "/Admin/Account/Login";
});
then on my admin controller
[Area("Admin")]
[Authorize(ActiveAuthenticationSchemes = "Admin", Roles = "Admin")]
but after i login, it still cant get in.
I am doing something similar in one of my projects. This answer is NOT using AuthorizeAttribute; but it might help some one landing here from a google search. In my case I am using it to authorize based on custom logic.
First my custom attribute class:
public class CustomAuthorizationAttribute : ActionFilterAttribute
{
private readonly IMyDepedency _dp;
public CustomAuthorizationAttribute(IMyDepedency dp)
{
_dp = dp;
}
public override void OnActionExecuting(ActionExecutingContext context)
{
var isValid = false;
//write my validation and authorization logic here
if(!isValid)
{
var unauthResult = new UnauthorizedResult();
context.Result = unauthResult;
}
base.OnActionExecuting(context);
}
}
I decorate my controllers like this:
[ServiceFilter(typeof (CustomAuthorizationAttribute))]
Then in my Startup class
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
// my other stuff that is not relevant in this post
// Security
services.AddTransient<CustomAuthorizationAttribute>();
}
[转]How to override HandleUnauthorizedRequest in ASP.NET Core
原文:http://www.cnblogs.com/freeliver54/p/6259282.html