3

I have created a custom AuthorizeAttribute which verifies some OAuth credentials of user.

Once I got valid user I want to return response data to controller how can I achieve this in web api .net.

public class CustomAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var response = mydata.Result.Content.ReadAsStringAsync();
        if (mydata.Result.StatusCode == HttpStatusCode.OK)
        {
            // return response data to controller
            return true;
        }
    }
}

I searched I got in mvc it can be done like below.

public class CustomAttribute : AuthorizeAttribute
{
   public string BlackListedUsers { get; set; }
   protected override bool AuthorizeCore(AuthorizationContext filterContext)
   {
     filterContext.HttpContext.Items["test"] = "foo";
     return true;
   }
}

In controller - 

_yourVariable = HttpContext.Items["test"];

How can I achieve this in System.Web.Http in web api because in webapi i do not have method AuthorizeCore and input parameter AuthorizationContext?

Improve this question
2
  • Through container and Dependency properties, for example. Commented Jul 18, 2017 at 8:48
  • in webapi i do not have method AuthorizeCore and input parameter AuthorizationContext Commented Jul 18, 2017 at 8:54

4 Answers 4

Reset to default
6

This approach can work but not recommended.

Inside your IsAuthorized function-

protected override bool IsAuthorized(HttpActionContext actionContext)
{
    var response = mydata.Result.Content.ReadAsStringAsync();
    if (mydata.Result.StatusCode == HttpStatusCode.OK)
    {
        string someValue = "any value";
        actionContext.Request.Properties.Add(new KeyValuePair<string, object>("YourKeyName", someValue));
        return true;
    }
}

The someValue can be string, int or any custom object as you want.

In controller you retrieve like this-

object someObject;
Request.Properties.TryGetValue("YourKeyName", out someObject);
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Is actionContext.Request.Properties per-user? I mean if two users set it at the same time to different values, then what happens?
Yes, Request properties are user specific
4

In Web API 2.0 HttpActionContext.Request.Properties is equivalent to AuthorizationContext .HttpContext.Items. Consequently you can add an item to the properties and get it in your controller by Request.Properties["keyName"]. 

public class CustomAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var response = mydata.Result.Content.ReadAsStringAsync();
        if (mydata.Result.StatusCode == HttpStatusCode.OK)
        {
            actionContext.Request.Properties["keyName"] = keyValue;
            return true;
        }
    }
}
Improve this answer

Comments

1

If you have, for example, MyController with property MyProperty defined on that controller, then in authorize you might have something like:

(filterContext.Controller as MyController).MyProperty= "any value";

and within your controller you just normally access MyProperty

Improve this answer

Comments

0

I use Code Like this

 protected override bool AuthorizeCore(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            BaseApiController Controller = actionContext.ControllerContext.Controller as BaseApiController;
            baseApi.Property = 10;
            return Controller.IsAuthorize();
        }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.