how to implement custom authorization in asp.net mvc 3?

Question

Looking for a custom authorization solution for a asp.net mvc 3 application with sql server 2008. I dont want to use the ASPNETDB.mdf though.

At the moment I am trying to use a customactionfilter but I dont know how to return a boolean here. Does anyone have a good sample of a similar scenario?

public class CustAuthFilterAttribute : ActionFilterAttribute, IActionFilter
{

public string Roles {get;set;}
public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
           //return true/false based on Role the user has
            base.OnActionExecuting(filterContext);
        }
}

score 1 · Accepted Answer · edited May 23 '17 at 12:27

1

You should be deriving from AuthorizeAttribute if you want to implement custom authorization.

This answer gives you a short example in how to use it.

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // check context and roles

        ...

        return true;
    }
}

edited May 23 '17 at 12:27

Community

1
1

answered Jun 28 '12 at 02:56

Lester

4,243
2
27
31

Actually if I recall you need to ensure you call base.AuthorizeCore because of caching issues and the base handles it. – Adam Tuliper Jun 28 '12 at 06:21

how to implement custom authorization in asp.net mvc 3?

1 Answers1