C# - Customizing System.Web.Http.AuthorizeAttribute within an ASP.NET Web API application


I'd like to customize the System.Web.Http.AuthorizeAttribute class:

    public class MyAuthorizeAttribute : System.Web.Http.AuthorizeAttribute
    {
        public PermissionsEnum IsPermitted { get; set; }

        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            if (System.Web.HttpContext.Current.Session["role"] == null) return false;
            string rol = (string)System.Web.HttpContext.Current.Session["role"];

            // IsPermitted is assigned here from the session role,
            // replacing the value given in the attribute declaration.
            if (rol == "admin" || Roles == "super admin") IsPermitted = PermissionsEnum.Administration;
            else IsPermitted = PermissionsEnum.Collaboration;
            return base.IsAuthorized(actionContext);
        }
    }

    [Flags]
    public enum PermissionsEnum
    {
        Administration,
        Collaboration
    }

I used it in the controller:

    [MyAuthorizeAttribute(IsPermitted = PermissionsEnum.Administration)]
    public class PointageController : Controller
    {
        public ActionResult GraphesEtStatistiques()
        {
            return View();
        }

        [MyAuthorizeAttribute(IsPermitted = PermissionsEnum.Administration)]
        public ActionResult Pointage()
        {
            return View();
        }

        public ActionResult Parametrage()
        {
            return View();
        }

        public ActionResult GetMessages()
        {
            MessagesRepository _messageRepository = new MessagesRepository();
            return PartialView("_messageslist", _messageRepository.GetAllMessages());
        }
    }

My problem is that I can access the Pointage view with IsPermitted = PermissionsEnum.Collaboration!

So:

  1. What is the reason for this problem?
  2. How can I fix it?

  1. What is the reason for this problem?

The logic within your IsAuthorized method is improper.

  2. How can I fix it?

...Set a breakpoint and debug the IsAuthorized method.

From looking at the code provided, the way it is structured, the IsPermitted property is superfluous. You pass it to the attribute when decorating the controller, but inside the IsAuthorized method nothing is done with the injected value. Instead, it is set independently. You then call the base AuthorizeAttribute's IsAuthorized method, and the base attribute has no concept of your enum.

I can't know for sure if this will solve your domain requirements, but it should at least give you a functional IsAuthorized method that you can build from:

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // No role in the session: deny.
        if (System.Web.HttpContext.Current.Session["role"] == null) return false;
        string role = (string)System.Web.HttpContext.Current.Session["role"];

        // Compare the session role against the permission declared on the attribute.
        if ((role == "admin" || role == "super admin") // recycling condition
            && IsPermitted == PermissionsEnum.Administration) return true;

        if (role == "collaborator"
            && IsPermitted == PermissionsEnum.Collaboration) return true;

        // Anything else, including unknown roles, is denied.
        return false;
    }
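The same deny-by-default decision as a stand-alone console program, added here as an example that is not part of the original question or answer. The `Permissions` enum, the `PermissionCheck` class and the role table are hypothetical, and letting the admin roles also hold `Collaboration` is an assumption. The enum gets explicit non-zero values because the `[Flags]` enum on the page leaves `Administration` at 0, a value that every bitwise flag test matches.

```csharp
using System;
using System.Collections.Generic;

[Flags]
public enum Permissions   // hypothetical replacement for the page's PermissionsEnum
{
    None = 0,             // explicit zero, so no real permission has the value 0
    Administration = 1,
    Collaboration = 2
}

public static class PermissionCheck
{
    // Constructed role table. The role strings are the ones used on the page;
    // granting Collaboration to the admin roles is an assumption.
    private static readonly Dictionary<string, Permissions> Granted =
        new Dictionary<string, Permissions>(StringComparer.Ordinal)
        {
            { "admin",        Permissions.Administration | Permissions.Collaboration },
            { "super admin",  Permissions.Administration | Permissions.Collaboration },
            { "collaborator", Permissions.Collaboration }
        };

    // 'required' is the value declared on the attribute. It is only read, never reassigned.
    public static bool IsPermitted(string sessionRole, Permissions required)
    {
        if (sessionRole == null || required == Permissions.None) return false; // no session or no declared permission
        Permissions granted;
        if (!Granted.TryGetValue(sessionRole, out granted)) return false;      // unknown role
        return (granted & required) == required;
    }

    public static void Main()
    {
        // Constructed inputs: (session role, permission required by the action).
        var cases = new[]
        {
            Tuple.Create("admin", Permissions.Administration),
            Tuple.Create("collaborator", Permissions.Administration),
            Tuple.Create("collaborator", Permissions.Collaboration),
            Tuple.Create("guest", Permissions.Collaboration),
            Tuple.Create((string)null, Permissions.Administration)
        };
        foreach (var c in cases)
            Console.WriteLine("{0,-12} {1,-14} -> {2}",
                c.Item1 ?? "(no session)", c.Item2, IsPermitted(c.Item1, c.Item2));
    }
}
```

Inside an attribute, `IsAuthorized` would return the result of `IsPermitted(role, IsPermitted)` directly. Separately, the controller in the question derives from the MVC `Controller` class, and the MVC pipeline does not run `System.Web.Http` authorization filters, so an MVC controller needs an attribute derived from `System.Web.Mvc.AuthorizeAttribute` instead.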
