I have a custom Authorize attribute, which implements OnAuthorization. In the default OnAuthorization, an HttpUnauthorizedResult is set when there is an authorization failure.
Can I intercept this ActionResult somewhere and take a specific action based on it. I do not want to put all the redirection logic etc. in OnAuthorization?
From your post you said you didn't want to place all redirection login in 'OnAuthorization'. If in this case, you can add parameters to the customed attribute. So you can define a constuction method with some parameters. Then you can redirect to different
view by judging the parameters.
I know this is an old post, but I have run into the same issue/decision to make. The earlier suggestion to modify the custom AuthorizeAttribute I created would allow me to do something like what is described in this post:
I'm not sure this is necessarily a bad thing. But I say that because like you, I don't know where to intercept the ActionResult so that I can do things like maintain state on the form I am attempting to lock down with a custom Role.
Can I intercept this ActionResult somewhere and take a specific action based on it. I do not want to put all the redirection logic etc. in OnAuthorization?
In general your subclassed AuthorizeAttribute should not override OnAuthorization(). Override HandleUnauthorizedRequest() instead and set the filterContext.Result property as appropriate from within that method.
Marked as answer by ricka6 on Feb 03, 2010 08:41 PM
That makes a lot of sense! The suggestions I found on the internet about a custom authorize attribute were based on subclassing FilterAttribute with interface IAuthorizationFilter and then you won't get to override that method.
When subclassing AuthorizeAttribute, it works like a charm. At least, I get to override OnAuthorizationFailed (MVC2). Is that the same as overriding HandleUnauthorizedRequest? That one I couldn't find, maybe a name change?
levib
edwinvandeburgt
Can I intercept this ActionResult somewhere and take a specific action based on it. I do not want to put all the redirection logic etc. in OnAuthorization?
In general your subclassed AuthorizeAttribute should not override OnAuthorization(). Override HandleUnauthorizedRequest() instead and set the filterContext.Result property as appropriate from within that method.
When subclassing AuthorizeAttribute, it works like a charm. At least, I get to override OnAuthorizationFailed (MVC2). Is that the same as overriding HandleUnauthorizedRequest? That one I couldn't find, maybe a name change?
Glad to hear this is working out for you! OnAuthorizationFailed() / HandleUnauthorizedRequest() are the same method - the name just changed at some point during MVC 2 development.
Marked as answer by ricka6 on Feb 05, 2010 07:16 PM
edwinvandebu...
0 Points
10 Posts
Intercept ActionResult (specifically when a HttpUnauthorizedResult() is set in OnAuthorization)
Aug 19, 2009 07:30 AM|LINK
Hello everyone,
I have a custom Authorize attribute, which implements OnAuthorization. In the default OnAuthorization, an HttpUnauthorizedResult is set when there is an authorization failure.
Can I intercept this ActionResult somewhere and take a specific action based on it. I do not want to put all the redirection logic etc. in OnAuthorization?
Kind regards,
Edwin.
ASP.NET MVC actionresult
KeFang Chen ...
Star
8329 Points
852 Posts
Re: Intercept ActionResult (specifically when a HttpUnauthorizedResult() is set in OnAuthorizatio...
Aug 21, 2009 06:47 AM|LINK
Hello,
From your post you said you didn't want to place all redirection login in 'OnAuthorization'. If in this case, you can add parameters to the customed attribute. So you can define a constuction method with some parameters. Then you can redirect to different view by judging the parameters.
edwinvandebu...
0 Points
10 Posts
Re: Intercept ActionResult (specifically when a HttpUnauthorizedResult() is set in OnAuthorizatio...
Aug 21, 2009 04:10 PM|LINK
Thanks for the suggestion, but that won't solve my problem.
Say I set the HttpUnauthorizedResult in OnAuthorization, where can I intercept it before it produces the view?
I don't know where to intercept the ActionResult after it leaves OnAuthorization, forcing me to let OnAuthorization render the View.
Kind regards,
Edwin.
pmoutzo
Member
4 Points
10 Posts
Re: Intercept ActionResult (specifically when a HttpUnauthorizedResult() is set in OnAuthorizatio...
Feb 03, 2010 04:10 PM|LINK
I know this is an old post, but I have run into the same issue/decision to make. The earlier suggestion to modify the custom AuthorizeAttribute I created would allow me to do something like what is described in this post:
http://stackoverflow.com/questions/977071?tab=newest#tab-top
Where I would decorate my ActionMethod with the following:
[Authorize(Roles="SomeRole", ViewName="ErrorAuth")]
I'm not sure this is necessarily a bad thing. But I say that because like you, I don't know where to intercept the ActionResult so that I can do things like maintain state on the form I am attempting to lock down with a custom Role.
levib
Star
7702 Points
1099 Posts
Microsoft
Re: Intercept ActionResult (specifically when a HttpUnauthorizedResult() is set in OnAuthorizatio...
Feb 03, 2010 07:13 PM|LINK
In general your subclassed AuthorizeAttribute should not override OnAuthorization(). Override HandleUnauthorizedRequest() instead and set the filterContext.Result property as appropriate from within that method.
edwinvandebu...
0 Points
10 Posts
Re: Intercept ActionResult (specifically when a HttpUnauthorizedResult() is set in OnAuthorizatio...
Feb 05, 2010 08:32 AM|LINK
Thanks levib!
That makes a lot of sense! The suggestions I found on the internet about a custom authorize attribute were based on subclassing FilterAttribute with interface IAuthorizationFilter and then you won't get to override that method.
When subclassing AuthorizeAttribute, it works like a charm. At least, I get to override OnAuthorizationFailed (MVC2). Is that the same as overriding HandleUnauthorizedRequest? That one I couldn't find, maybe a name change?
levib
Star
7702 Points
1099 Posts
Microsoft
Re: Intercept ActionResult (specifically when a HttpUnauthorizedResult() is set in OnAuthorizatio...
Feb 05, 2010 04:02 PM|LINK
Glad to hear this is working out for you! OnAuthorizationFailed() / HandleUnauthorizedRequest() are the same method - the name just changed at some point during MVC 2 development.