15

I need to create a customized authorization in ASP.NET MVC 3. Inside the app, authorization is defined in 5 tables: users, groups, usergroups, rights, grouprights. A user can belong to several groups, and each right can be assigned to several groups too. Each controller action is assigned a RightID.

The built in authorization can't accomodate this setup, so I tried to create a customized AuthorizeAttribute. When overriding AuthorizeCore, I realized I don't have access to controller name and action name.

Can I somehow ask the router to parse the Request.RawUrl inside AuthorizeCore to get controller and action name? Or is there another way to do what I want?

Improve this question

2 Answers 2

Reset to default
24 
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var routeData = httpContext.Request.RequestContext.RouteData;
    var controller = routeData.GetRequiredString("controller");
    var action = routeData.GetRequiredString("action");
    ...
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

So I DO have access to controller and action name :)
0

You can achieve this using Action Filters where you have access to all HttpContex.

public class MyAuthorizeAttribute : ActionFilterAttribute, IAuthorizationFilter
{

    #region Implementation of IAuthorizationFilter

    public void OnAuthorization(AuthorizationContext filterContext)
    {
              // ... implementation

              // filterContext.Controller is the controller
              // filterContext.RouteData is all the route data
Improve this answer

2 Comments

I read somewhere that I should not implement my own authorization filter because of some problem with output cache. Not sure whether this is still a problem in MVC 3.
OnAuthorization can be cached/shared across requests and users, so this is not secure. Use AuthorizeCore instead.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.