
Custom AuthorizeAttribute in ASP.NET Core.








Introduction.

Filters in MVC are attributes that can be applied to controllers and action methods. Filters allow us to run our own custom code before and after method execution.

Filters can be applied at different levels of scope: Global, Class, and Method. MVC provides different types of filters.

Authorization filters run first and are used to determine whether the current user is authorized or unauthorized for the current request.

In this article we will learn how to create a custom authorization filter, where you can write your own authorization framework.

Description.

To create an authorization filter, the IAuthorizationFilter interface must be implemented. For example, the following code demonstrates a custom authorization filter.

The CustomAuthorization attribute below allows only the Home controller to access the methods under the Home controller class. Otherwise it returns an "Error" status in the response if the request was made via an AJAX call, or else redirects to the Session Expired page.



[AttributeUsage(AttributeTargets.Class)]
public sealed class CustomAuthorization: Attribute, IAuthorizationFilter {

 public void OnAuthorization(AuthorizationFilterContext filterContext) {
  // Check the context before it is dereferenced.
  if (filterContext == null) {
   throw new ArgumentNullException(nameof(filterContext));
  }

  // Null when the action is not a controller action; the name check below then denies.
  var controllerInfo = filterContext.ActionDescriptor as ControllerActionDescriptor;
  string controllerName = controllerInfo?.ControllerName;

  if (controllerName != "Home") {
   if (filterContext.HttpContext.Request.Headers["X-Requested-With"] == "XMLHttpRequest") {
    // AJAX caller: return a JSON error instead of a redirect.
    filterContext.Result = new JsonResult(new {
     Status = "Error"
    });
   } else {
    // Normal request: redirect to the Session Expired page.
    filterContext.Result = new RedirectToRouteResult(
     new RouteValueDictionary {
      { "Controller", "Home" },
      { "Action", "SessionExpired" }
     });
   }
  }
 }
}


You can write your own custom logic in the OnAuthorization method. Inheriting from Attribute allows us to use the GetCustomAttributes() method, which does not look at parent declarations. It only looks at attributes applied to the specified member.



To implement the above filter you need to add the namespaces below to your class.

using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Routing;


The line below defines the attribute target, in case we need to target a class, method, assembly or interface.

[AttributeUsage(AttributeTargets.Class)]


Attribute applied to a controller:

[CustomAuthorization]
public class HomeController: Controller {
 public IActionResult Index() {
  return View();
 }
 public IActionResult Contact() {
  return View();
 }
}


By applying CustomAuthorization, only the methods under the Home controller are accessible.
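To confirm that the filter short-circuits the request the way the description says, it can be called directly with a hand-built context. The harness below is an added example, not part of the original article; it assumes the CustomAuthorization class above is compiled in the same project, and the class name CustomAuthorizationChecks and the controller name "Reports" are made up for the illustration.

```csharp
// Added example: exercises the page's CustomAuthorization filter without a web server.
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Routing;

public static class CustomAuthorizationChecks
{
    // Builds the context MVC would pass to OnAuthorization and returns the
    // short-circuit result the filter set (null means the request continues).
    public static IActionResult Run(IAuthorizationFilter filter, string controllerName, bool ajax)
    {
        var http = new DefaultHttpContext();
        if (ajax)
        {
            http.Request.Headers["X-Requested-With"] = "XMLHttpRequest";
        }
        var descriptor = new ControllerActionDescriptor { ControllerName = controllerName };
        var actionContext = new ActionContext(http, new RouteData(), descriptor);
        var context = new AuthorizationFilterContext(actionContext, new List<IFilterMetadata>());
        filter.OnAuthorization(context);
        return context.Result;
    }

    private static void Check(bool condition, string what)
    {
        if (!condition) throw new InvalidOperationException("Check failed: " + what);
        Console.WriteLine("ok: " + what);
    }

    public static void Main()
    {
        var filter = new CustomAuthorization(); // the attribute class from this page

        // "Reports" is a constructed controller name used only as sample input.
        Check(Run(filter, "Home", ajax: false) == null, "Home is allowed through");
        Check(Run(filter, "Reports", ajax: true) is JsonResult, "AJAX request gets the JSON error");
        var redirect = Run(filter, "Reports", ajax: false) as RedirectToRouteResult;
        Check(redirect != null && (string)redirect.RouteValues["Action"] == "SessionExpired",
              "non-AJAX request is redirected to SessionExpired");
    }
}
```

The same three calls can be moved into a unit test project, so that a later change to the filter that stops setting a result for non-Home controllers is caught before deployment.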


