开发者

How to create custom JsonAuthorize Attribute to secure actions which returns JsonResults?

问答 作者:

I was thinking how to correctly secure JsonResult action with custom attribute instead of doing kind of this on each action like saying here ASP.NET MVC JsonResult and AuthorizeAttribute

if (!User.Identity.IsAuthenticated)
    return Json("Need to login");

But the question is how could i create such attribute which would return Json. So i've started from that:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
    public class JsonAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
    开发者_StackOverflow中文版        }
            IPrincipal user = httpContext.User;

            if (!user.Identity.IsAuthenticated)
            { 
               //? 
            }

            //Need to return json somehow ?
        }
    }

Bot how i may return json result from such attribute? any ideas?

You can use an ActionFilterAttribute which allows you to return a result without using the httpcontext.response.write or anything.

public class JsonActionFilterAttribute : ActionFilterAttribute {
    public override void OnActionExecuting(ActionExecutingContext filterContext) {
        if (!HttpContext.Current.User.Identity.IsAuthenticated) {
            filterContext.Result = new JsonResult() { Data = "Need to login." };
        }
        base.OnActionExecuting(filterContext);
    }
}

1 way is to override AuthorizeAttribute.HandleUnauthorizedRequest

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    throw new CustomUnauthorizedException();
}

... And then in your Global.asax:

protected void Application_Error(object sender, EventArgs e)
{
    Exception error = Server.GetLastError();
    if (error is CustomUnauthorizedException) {
        if (AjaxRequest(Request)) {
            ... return Json response.
        } else {
            ... redirect
        }
    }
}

So you can throw the exception anywhere in your codebase and you've centralized the handling of that exception in Global.asax

Try this.. it works for me

 protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
 {
   dynamic ResponseObj = new JObject();
   ResponseObj.Message = "Authorization has been denied for this request.";
   string jsonString = Newtonsoft.Json.JsonConvert.SerializeObject(ResponseObj);
   actionContext.Response = new HttpResponseMessage
    {
      StatusCode = HttpStatusCode.Unauthorized,
      Content = new StringContent(jsonString, System.Text.Encoding.UTF8,"application/json")
     };
 }

继续阅读:asp.net-mvc-3

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9