I have two entity sets like below:

    public class Serial
    {
        [HiddenInput(DisplayValue=false)]
        public int SerialID { get; set; }
        [HiddenInput(DisplayValue=false)]
        public string Id { get; set; }
        [Required(ErrorMessage="Please provide your membership serial")]
        [StringLength(16,ErrorMessage="This field can't be longer as of 16 characters.")]
        public string UserSerial { get; set; }
    }

AND

    public class Subscription
    {
        [HiddenInput(DisplayValue=false)]
        public int SubscriptionID { get; set; }
        [Required(ErrorMessage="Please provide a subscription code.")]
        public string AdminSerial { get; set; }
    }

I would like to create a custom authorization attribute to design my action methods within my controllers with the following scenario:

I would like to check whether any value of UserSerial in the Serial entity is not equal to any value of AdminSerial in the Subscription entity. If the above condition is true, the ActionResult method itself should be executed; otherwise the custom AuthorizeAttribute should redirect to another action method. Here is what I tried, but it isn't working. Am I missing something?

    public class RequireSerial : AuthorizeAttribute
    {
        EFDbContext db = new EFDbContext();

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (!db.Subscriptions.Any(s => s.AdminSerial.Equals(db.Serials.Any())))
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Serials", action = "Create" }));
            }
            else
            {
                // Execute the Action method itself
            }
        }
    }

I tried to put this RequireSerial custom authorize attribute on the top of action methods but nothing really happens.

    [RequireSerial]
    public ViewResult Checkout()
    {
        return View();
    }

Any help would be appreciated.

2 Answers

0

You need to override OnAuthorization a HandleUnauthorizedRequest method. HandleUnauthorizedRequest is called by the default implementation of the OnAuthorization method if the user is not authorized. The default implementation of HandleUnauthorizedRequest redirects the user to the login page.

    EFDbContext db = new EFDbContext();

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Handle base authorization logic.
        base.OnAuthorization(filterContext);

        // If the user is not authorized (by base rules), simply return,
        // because the redirect was set in the 'base.OnAuthorization' call.
        if (this.AuthorizeCore(filterContext.HttpContext) == false)
        {
            return;
        }

        // Here comes your custom redirect logic
        // (condition copied unchanged from the question):
        if (!db.Subscriptions.Any(s => s.AdminSerial.Equals(db.Serials.Any())))
        {
            // Redirect target taken from the question.
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Serials", action = "Create" }));
        }
    }
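
One way to structure the attribute discussed above, as an added example that is not part of the original posts: the allow/deny decision goes in `AuthorizeCore`, which MVC also re-runs before serving an output-cached response, and the redirect goes in `HandleUnauthorizedRequest`. It assumes the rule is "some UserSerial matches some AdminSerial", that `EFDbContext` derives from `DbContext`, and it uses a hypothetical `Items` key.

```csharp
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

public class RequireSerial : AuthorizeAttribute
{
    // Hypothetical per-request marker: "authenticated, but no valid serial".
    private const string MissingSerialKey = "RequireSerial.Missing";

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Run the built-in checks (authenticated user, Users/Roles) first.
        if (!base.AuthorizeCore(httpContext))
            return false;

        // Filter instances can be reused across requests, so the context is
        // created per call instead of being held in a field.
        using (var db = new EFDbContext())
        {
            // Assumed rule: at least one UserSerial equals an AdminSerial.
            // This matches across all rows, as in the question; scope it to
            // the current user if the serial is meant to be per user.
            var adminSerials = db.Subscriptions.Select(sub => sub.AdminSerial);
            bool hasSerial = db.Serials.Any(s => adminSerials.Contains(s.UserSerial));

            if (!hasSerial)
                httpContext.Items[MissingSerialKey] = true;
            return hasSerial;
        }
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Passed the base checks but has no valid serial: go to Serials/Create.
        if (filterContext.HttpContext.Items.Contains(MissingSerialKey))
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(new { controller = "Serials", action = "Create" }));
            return;
        }

        // Not authenticated (or wrong role): keep the default 401 / login redirect.
        base.HandleUnauthorizedRequest(filterContext);
    }
}
```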

-2

Authorization is basically a "boolean" value (not exactly a true boolean, but it returns either an authorization or a failure of it). To fully get this, MSDN's article about it is very clear.

Custom Authorization

1 Comment

When you create a class for Custom Authorization, you need to override the IsAuthorized function.
