MVC custom authorization filter

Step 1: Create a new class file, CustomAuthorizeAttribute.cs, whose class inherits from AuthorizeAttribute, and add the following code to it. The listing relies on `System.Linq` (for `Any()`), `System.Web.Mvc`, `System.Web.Routing` and `System.Diagnostics.Contracts` (for `Contract.Assert`), so include those `using` directives at the top of the file.

 public class CustomAuthorizeAttribute AuthorizeAttribute
    {
        //For handle single role
        public string Role = string.Empty;

        public override void OnAuthorization(AuthorizationContext actionContext)
        {
            if (!SkipAuthorization(actionContext))
            {
                var sessionId actionContext.HttpContext.Request.Headers.Get("SessionId");
                if (string.IsNullOrEmpty(sessionId))
                {
                    RedirectToLogin(actionContext);
                }

                bool validate = true; //To Do : Validate SessionId from the database.
                if (!validate)
                {
                    RedirectToLogin(actionContext);
                }
            }
        }

        public void RedirectToLogin(AuthorizationContext filterContext)
        {
            filterContext.Result =
                new RedirectToRouteResult(new RouteValueDictionary(
                    new
                    {
                        controller = "Account",
                        action = "Unauthorized",
                        area = "",
                        returnUrl = filterContext.RequestContext.HttpContext.Request.Url.PathAndQuery
                    }));
        }

        //This function checks the AllowAnonymous attribute existance on the controller action method.
        private bool SkipAuthorization(AuthorizationContext filterContext)
        {
            Contract.Assert(filterContext != null);

            return filterContext.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any()
                   || filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any();
        }
    }

Step 2: Now apply the CustomAuthorize attribute to the Home controller. CustomAuthorize reads the "SessionId" request header and validates it as the session of a logged-in user; if the header is missing or the session is invalid, the user is redirected to the "Unauthorized" action of the Account controller. Note that the placeholder `bool validate = true;` in the listing above accepts every request that carries any SessionId header value — replace it with a real server-side lookup (database or session store) before using this filter to protect anything.

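[CustomAuthorize]
 public class HomeController : Controller
    {
        /// <summary>
        /// Protected landing page. Because [CustomAuthorize] is applied at class level,
        /// every action on this controller runs through the session check first unless
        /// it is explicitly marked [AllowAnonymous].
        /// </summary>
        /// <returns>The Dashboard view.</returns>
        public ActionResult Dashboard()
        {
            return View();
        }
    }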

 public class AccountController : Controller
    {
        public ActionResult Unauthorized()
        {
            return View();
        }


    }
