mercredi 8 février 2017

Override Global Authorize in Controller instead of Action

Vote count: 0

I created a custom authorize, which is ignored when an action has [Authorize]:

public class MyGlobalAuthorizeAttribute: AuthorizeAttribute
{

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // check if action is decorated with an Authorize...
        var action = filterContext.ActionDescriptor
        if (action.IsDefined(typeof(AuthorizeAttribute), true))
            return;

        base.OnAuthorization(filterContext);
    }

}

...then I configured it in the global filters, only allowing admins by default:

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new MarimexAuthorizeAttribute() { Roles = "Admin" });
    }
}

If I decorate an action like this:

public class MyController: Controller
{
    [Authorize] // non-admins can access this action..
    public ActionResult Index()
    {
    }
}

...it works fine. However, if I put the [Authorize] in controller, MyGlobalAuthorizeAttribute won't detect it.

I found many examples of overriding, but all of them is about an action overriding a controller or a global authorize, but not a controller overriding a global authorize.

Is it possible to achieve this?

asked 28 secs ago
Alisson

Let's block ads! (Why?)



Override Global Authorize in Controller instead of Action
Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)