Override AuthorizeAttribute in ASP.Net Core and respond Json status -


i'm moving asp.net framework asp.net core.

in asp.net framework web api 2 project, can customize authorizeattribute :

public class apiauthorizeattribute : authorizationfilterattribute {     #region methods      /// <summary>     ///     override authorization event custom authorization.     /// </summary>     /// <param name="httpactioncontext"></param>     public override void onauthorization(httpactioncontext httpactioncontext)     {         // retrieve email , password.         var accountemail =             httpactioncontext.request.headers.where(                     x =>                         !string.isnullorempty(x.key) &&                         x.key.equals("email"))                 .select(x => x.value.firstordefault())                 .firstordefault();          // retrieve account password.         var accountpassword =             httpactioncontext.request.headers.where(                     x =>                         !string.isnullorempty(x.key) &&                         x.key.equals("password"))                 .select(x => x.value.firstordefault()).firstordefault();          // account view model construction.         var filteraccountviewmodel = new filteraccountviewmodel();         filteraccountviewmodel.email = accountemail;         filteraccountviewmodel.password = accountpassword;         filteraccountviewmodel.emailcomparision = textcomparision.equal;         filteraccountviewmodel.passwordcomparision = textcomparision.equal;          // find account.         var account = repositoryaccount.findaccount(filteraccountviewmodel);          // account not found.         if (account == null)         {             // treat account unthorized.             httpactioncontext.response = httpactioncontext.request.createresponse(httpstatuscode.unauthorized);              return;         }          // role not defined means request allowed.         if (_roles == null)             return;          // role not allowed          if (!_roles.any(x => x == account.role))         {             // treat account unthorized.             httpactioncontext.response = httpactioncontext.request.createresponse(httpstatuscode.forbidden);              return;         }          // store requester information in action argument.         httpactioncontext.actionarguments["account"] = account;     }      #endregion      #region properties      /// <summary>     ///     repository provides function access account database.     /// </summary>     public irepositoryaccount repositoryaccount { get; set; }      /// <summary>     ///     role can allowed access server.     /// </summary>     private readonly byte[] _roles;      #endregion      #region constructor      /// <summary>     ///     initialize instance default settings.     /// </summary>     public apiauthorizeattribute()     {     }      /// <summary>     ///     initialize instance allowed role.     /// </summary>     /// <param name="roles"></param>     public apiauthorizeattribute(byte[] roles)     {         _roles = roles;     }      #endregion }

in customized authorizeattribute, can check whether account valid or not , return httpstatuscode message client.

i'm trying samething in asp.net core, no onauthorization me override.

how can achieve same thing in asp.net framework ?

thank you,

you're approaching incorrectly. never encouraged write custom attributes this, or extend existing. asp.net core roles still apart of system backwards compatibility discouraged.

there great 2 part series on of driving architecture changes , way , should utilized found here. if want still rely on roles can so, suggest using policies.

to wire policy following:

public void configureservices(iservicecollection services) {     services.addauthorization(options =>     {         options.addpolicy(nameof(policy.account),                            policy => policy.requirements.add(new accountrequirement()));     }); }

i created policy enum convenience.

public enum policy { account };

decorate entry points such:

[     httppost,     authorize(policy = nameof(policy.account)) ] public async task<iactionresult> postsomething([fromroute] blah) { }

the accountrequirement placeholder, needs implement iauthorizationrequirement interface.

public class accountrequirement: iauthorizationrequirement { }

now need create handler , wire di.

public class accounthandler : authorizationhandler<accountrequirement> {     protected override async task handlerequirementasync(         authorizationhandlercontext context,         accountrequirement requirement)     {         // logic here... or else need do.         if (context.user.isinrole("foobar"))         {             context.succeed(requirement);             return;         }     } }

additional resources


-

Comments

Post a Comment

Popular posts from this blog

angular - Is it possible to get native element for formControl? -

i've got angular2 reactive form . created formcontrol s , assigned input fields by [formcontrol]=... . understand creates nativeelement <-> formcontrol link. my question: possible nativeelement formcontrol ? wanna myformcontrol.nativeelement.focus() i can share 1 terrible solution works me. in reactive forms can use either 1) formcontroldirective ts mycontrol = new formcontrol('') template <input type="text" [formcontrol]="mycontrol"> or 2) formcontrolname ts myform: formgroup; constructor(private fb: formbuilder) {} ngoninit() { this.myform = this.fb.group({ foo: '' }); } template <form [formgroup]="myform"> <input type="text" formcontrolname="foo"> </form> so these directives write patch like 1) formcontroldirective const originformcontrolngonchanges = formcontroldirective.prototype.ngonchanges; formcontroldirective.proto
Read more

unity3d - Rotate an object to face an opposite direction -

i have object , b. when click on object b, rotates object b (a faces b). b doesn't face a. need following : when faces b, need face opposite direction. have code rotating @ b. how rotate face opposite direction after that? vector3 targetdirection = target - transform.position; float step = speed * time.deltatime; vector3 newdirection = vector3.rotatetowards (turretdome.transform.forward, targetdirection, step, 0.0f); turretdome.transform.rotation = quaternion.lookrotation (newdirection); you object facing object b, want inverse direction of object after that? objecta.transform.rotation = quaternion.inverse(objecta.transform.rotation) but lets assume example turretdome object a, (negate direction): turretdome.transform.rotation = quaternion.lookrotation (-newdirection); naturally, both of these snippets not show how smoothen rotation, seem know how use time.deltatime. just incase unsure, quaternion.lerp this
Read more

javascript - Why jQuery Select box change event is now working? -

i working on product filters user select select box according his/her preference not getting selected value user in jquery. html code:- <select name="product_filter" id="product_filter"> <option value="price_low_first">price : low high</option> <option value="price_high_first">price : high low</option> <option value="latest">latest</option> <option value="popular">most popular</option> </select> jquery code: $(function () { $("#product_filter").change(function () { alert("hi") var selectedtext = $(this).find("option:selected").text(); var selectedvalue = $(this).val(); alert("selected text: " + selectedtext + " value: " + selectedvalue); }); }); hi believe code perfect. once please check jquery.min.js
Read more