1

I have an object that contains all login data, that's in my controller (it was programmed before switching to MVC3).

I'm trying to add authorization to the site, so so far I have:

public LoginObject MyLoginObject
{
    get;
    set;
}

[CustomAuthorization()]
public ActionResult Index()
{
    return View();
}

and

public class CustomAuthorization : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return true;
        //should be return myLoginObject.IsLoggedIn;
    }
}

Is there any way to pass MyLoginObject into the AuthorizeAttribute class? If not, could I at least pass in a boolean from the object that specifies if the user is authorized or not?

Edit: My solution based on Zonnenberg's advice.

public class LoginObject : IPrincipal // Now extends IPrincipal
{
    ... //old code
    private class IdentityImpl : IIdentity
    {
        public string AuthenticationType
        {
            get;
            set;
        }

        public bool IsAuthenticated
        {
            get;
            set;
        }

        public string Name
        {
            get;
            set;
        }
    }

    public IIdentity Identity
    {
        get { return new IdentityImpl { AuthenticationType = "Custom Authentication", IsAuthenticated = this.IsLoggedIn, Name = this.Id }; }
    }
}

Then I moved the instantiation of LoginObject into CustomAuthorization:

public override void OnAuthorization(AuthorizationContext filterContext)
{
    // ... Set up LoginObject
    filterContext.RequestContext.HttpContext.User = myLoginObject;

    base.OnAuthorization(filterContext);
}

So now logging in is done inside the authorization, and I can call User to access the login from the controller.

3
  • Can't you access the controller context via the HTTP context? Commented Jun 21, 2011 at 22:08
  • What's this Login object that you are talking about? Where does it come from? How is this action requested? What is contained in the request? You just talked about my login object which I am afraid doesn't make much sense to me. Commented Jun 21, 2011 at 22:23
  • The login object is a custom-created class. It's an object created to refer to an admin user's login credentials. Commented Jun 22, 2011 at 3:40

2 Answers

2

You can check whether the user is logged in by using httpContext.User.Identity.IsAuthenticated.

To store more information you could use the httpContext.User object. You can write your own implementation of IPrincipal and IIdentity to store all kinds of login information.

Another option is to store login info in the Session.


0

How is your LoginObject instantiated?

If it's instantiated via a service or repository (e.g. MyLoginObject = loginService.GetLogin()), then you can move this call into the CustomAuthorization attribute.

If the logic is within the controller itself, then this should be refactored into a service or repository, depending on your solution architecture, so that you can do the above.
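
The two answers above combined into one filter, as an added example that is not part of the original thread or any poster's code: the attribute loads the login from the Session, exposes it as httpContext.User, and denies the request unless it is authenticated. The session key "LoginObject", the reduced LoginObject with only Id and IsLoggedIn, and the deny-all IsInRole are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Stand-in for the question's LoginObject; only Id and IsLoggedIn are assumed.
public class LoginObject : IPrincipal
{
    public string Id { get; set; }
    public bool IsLoggedIn { get; set; }

    public IIdentity Identity
    {
        get
        {
            // GenericIdentity is authenticated only when its name is non-empty.
            string name = IsLoggedIn && !string.IsNullOrEmpty(Id) ? Id : string.Empty;
            return new GenericIdentity(name, "Custom Authentication");
        }
    }

    // Assumption: no role data yet, so deny every role check.
    public bool IsInRole(string role) { return false; }
}

public class CustomAuthorization : AuthorizeAttribute
{
    // Hypothetical session key where the login code stored the LoginObject.
    private const string SessionKey = "LoginObject";

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");
        HttpContextBase http = filterContext.HttpContext;
        // Use a local, never a field: MVC 3 can reuse one attribute instance
        // across requests, and a field would leak one user's login to another.
        LoginObject login = http.Session == null ? null : http.Session[SessionKey] as LoginObject;

        // Fail closed: without a stored login the request gets an unauthenticated principal.
        http.User = login ?? new LoginObject { IsLoggedIn = false };
        base.OnAuthorization(filterContext); // runs AuthorizeCore, sets a 401 result on failure
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        LoginObject login = httpContext.User as LoginObject;
        return login != null && login.IsLoggedIn && base.AuthorizeCore(httpContext);
    }
}
```

When the output-cache validation path calls AuthorizeCore without OnAuthorization having run, httpContext.User is not a LoginObject and the check returns false, so a cached page is not served to an unverified request.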
