I'm trying to use a custom Authorize attribute in my application to handle requests from Clients and Administrators.

I've used the same approach in a different application where the only difference was the authentication type, that one being Microsoft Account based and this one being Federated Services based.

I've set a breakpoint in my override of the AuthorizeCore method. My problem is that this only gets fired once, when the user tries to access the application for the first time; it will then redirect the user to the login page. After this it does not get fired again. I need it to fire every time a user accesses the controller/action so we can check if the user has the correct role, which in my understanding is what the Authorize attribute is for.

My code:

using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

public class AuthorizeUserAttribute : AuthorizeAttribute
{
    /// <summary>
    /// The Role required by the Action or Controller
    /// </summary>
    public UserRole RequireRole { get; set; }

    /// <summary>
    /// Authorization Logic
    /// </summary>
    /// <param name="httpContext">The context of the current request</param>
    /// <returns>True if the request is authorized</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        //Result = new AuthorizationResult();

        // The base check only verifies that the caller is authenticated
        bool isAuthorized = base.AuthorizeCore(httpContext);

        if (isAuthorized)
        {
            using (ApplicationDbContext context = new ApplicationDbContext())
            {
                // Look up the application user by the authenticated identity name
                ApplicationUser user = context.ApplicationUsers.FirstOrDefault(u => u.EmailAddress.Equals(httpContext.User.Identity.Name, StringComparison.OrdinalIgnoreCase));

                // ... Check if user has the required role
            }
        }

        return isAuthorized;
    }

    /// <summary>
    /// Redirect the user
    /// </summary>
    /// <param name="filterContext">The authorization context of the request</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Handle the request if the user does not have the required role

        base.HandleUnauthorizedRequest(filterContext);
    }
}

I'm using the Attribute as follows:

    [AuthorizeUser(RequireRole = Core.Models.Users.UserRole.User)]
    public ActionResult Index()
    {

        return View();
    }

Any help will be appreciated. Thanks.

  • How are you using the AuthorizeUserAttribute? Please post some code examples. Commented Jun 15, 2017 at 11:51
  • Where are you setting isAuthorized to false? Commented Jun 15, 2017 at 11:58
  • @NightOwl888 I added the implementation Commented Jun 15, 2017 at 12:22
  • @S.Dav that is just the basic layout, I haven't added any logic yet Commented Jun 15, 2017 at 12:22
  • As it is now, once the user is logged in it will always return true since isAuthorized is not set to false anywhere Commented Jun 15, 2017 at 12:48

1 Answer

I feel like kicking myself having to admit this one.

My code was working perfectly. The issue was that the authentication provider redirects me to my https site after it has been authenticated; what I didn't realise was the port where it redirects me. The port it was redirecting to was the test application in my IIS and not the dev application in my IIS Express. Doh!

1 Comment

I was facing a similar situation with a redirect and this helped a lot. Thanks!
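
An added example, not part of the original question or answer: one way the role check left open in `AuthorizeCore` (and raised in the comments) could be completed so the attribute fails closed. The class name `RoleCheckedAuthorizeAttribute`, the stand-in `UserRole` enum with its `Administrator` member, and the `RoleLookup` hook are assumptions made here; in the question's code the lookup would be the `ApplicationDbContext` query by e-mail address.

```csharp
using System;
using System.Net;
using System.Web;
using System.Web.Mvc;

// Stand-in for the application's UserRole enum (assumption: only User appears on the page).
public enum UserRole { User, Administrator }

public class RoleCheckedAuthorizeAttribute : AuthorizeAttribute
{
    // Hypothetical hook: maps the signed-in name to its stored role, or null if unknown.
    // The default denies everyone until the application wires in its own lookup.
    public static Func<string, UserRole?> RoleLookup = name => null;

    public UserRole RequireRole { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Unauthenticated callers stop here and receive the framework's 401 challenge.
        if (!base.AuthorizeCore(httpContext))
            return false;

        // Attribute instances can be shared between requests, so per-request
        // state stays in locals rather than in fields.
        UserRole? role = RoleLookup(httpContext.User.Identity.Name);

        // Fail closed: an unknown user or a non-matching role is denied.
        return role.HasValue && role.Value == RequireRole;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Signed in but lacking the role: answer 403. The base class would
            // return 401 and send an already signed-in user back to the login flow.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            return;
        }

        base.HandleUnauthorizedRequest(filterContext);
    }
}
```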
