tag:blogger.com,1999:blog-9200551703084243537.post439017501568784265..comments2023-11-02T07:29:53.062-05:00Comments on Farm Fresh Code: Customizing authorization in ASP.NET MVCtvanfossonhttp://www.blogger.com/profile/04716379255368704897noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-9200551703084243537.post-24000921797969198002013-10-18T12:39:12.814-05:002013-10-18T12:39:12.814-05:00Nice post. I learn something totally new and chall...Nice post. I learn something totally new and challenging on sites I stumbleupon <br />on a daily basis. It will always be exciting to read content from other writers and practice <br />something from their web sites.<br /><br />Here is my web site: <a href="http://www.absolutevirtualassistantsolutions.com/how-i-can-help-you" rel="nofollow">book of ra tricks kostenlos</a>Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9200551703084243537.post-23848086169265416262011-08-31T15:25:17.690-05:002011-08-31T15:25:17.690-05:00I found your base class at http://stackoverflow.co...I found your base class at http://stackoverflow.com/questions/977071/redirecting-unauthorized-controller-in-asp-net-mvc. Thanks for making this information available.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9200551703084243537.post-49895670030568401622011-08-31T08:26:57.763-05:002011-08-31T08:26:57.763-05:00@suncat2000 - I tried to simplify the example and ...@suncat2000 - I tried to simplify the example and must have not caught that. In my actual code this class doesn't derive directly from AuthorizeAttribute but from another class I use as a base class for all of my custom authorization attributes. That class has those properties. I've removed them here to avoid confusion. You may be interested in looking at an updated post on this: http://farm-fresh-code.blogspot.com/2011/03/revisiting-custom-authorization-in.htmltvanfossonhttps://www.blogger.com/profile/04716379255368704897noreply@blogger.comtag:blogger.com,1999:blog-9200551703084243537.post-42638255196020781532011-08-31T08:13:31.692-05:002011-08-31T08:13:31.692-05:00Very helpful. Thanks for explaining how you made t...Very helpful. Thanks for explaining how you made this work.<br /><br />I had a small problem with this code, though. Where OnAuthorization() is supposed to return an error message to the current view, the "this" object has no MasterName or ViewName member. Where do they come from?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9200551703084243537.post-66309102814533692622011-05-18T03:41:30.678-05:002011-05-18T03:41:30.678-05:00Hi, I know it is kind of old post, but It inspired...Hi, I know it is kind of old post, but It inspired me to implement this solution in my ASP.NET MVC 2 application. I have some problem however:<br /><br />http://stackoverflow.com/questions/5936490/custom-authenticationattribute-using-windows-authentication<br /><br />could You help?Rysiohttps://www.blogger.com/profile/15662433770376164798noreply@blogger.comtag:blogger.com,1999:blog-9200551703084243537.post-45008539782537279772011-03-15T11:09:50.097-05:002011-03-15T11:09:50.097-05:00I've posted an updated version that addresses ...I've posted an updated version that addresses the caching issue for owners. See http://farm-fresh-code.blogspot.com/2011/03/revisiting-custom-authorization-in.htmltvanfossonhttps://www.blogger.com/profile/04716379255368704897noreply@blogger.comtag:blogger.com,1999:blog-9200551703084243537.post-13487679876665133792011-03-10T14:59:30.186-06:002011-03-10T14:59:30.186-06:00Just about perfect! I have a concern about the au...Just about perfect! I have a concern about the authorizations that would need access to RouteData (or other AuthorizationContext information) not having access to the properties during the OnCacheAuthorization callback.<br /><br />Would this be legal?<br /><br /> // this has to replace the existing code, because we need to pass the entire <br /> // filterContext to the Allowed method and also pass it to the cache validation callback<br /> public override void OnAuthorization(AuthorizationContext filterContext)<br /> {<br /> if (filterContext == null)<br /> throw new ArgumentNullException("filterContext");<br /><br /> if (IsOwner(filterContext))<br /> {<br /> HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;<br /> cache.SetProxyMaxAge(new TimeSpan(0L));<br /> cache.AddValidationCallback(this.CacheValidateHandler, filterContext);<br /> }<br /> else<br /> {<br /> HandleUnauthorizedRequest(filterContext);<br /> }<br /> }<br /><br />Then having this for the callbacks:<br /><br /> protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)<br /> {<br /> return OnCacheAuthorization(httpContext, null);<br /> }<br /><br /> // this (non-override) version takes the AuthorizationContext (original filterContext) during callback<br /> protected HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext, AuthorizationContext filterContext)<br /> {<br /> if (httpContext != null<br /> && httpContext.User != null<br /> && httpContext.User.Identity != null<br /> && httpContext.User.Identity.IsAuthenticated)<br /> {<br /> if (filterContext != null && IsOwner(filterContext))<br /> return HttpValidationStatus.IgnoreThisRequest;<br /> else<br /> return HttpValidationStatus.Invalid;<br /> }<br /> else<br /> return HttpValidationStatus.Valid;<br /> }IDisposablehttps://www.blogger.com/profile/02275315449689041289noreply@blogger.com