How to abstract my Authorize code/Tidy up my controller

Question

Can anyone recommend how to tidy up my piece of code/make it more use able. This is what happens:

If controller has [Authorize] the first line's of code within that function read

    var user = GetUser(_userService);
    if (user == null)
    return RedirectToAction("Logout", "User");

This allows me not only to check if the authentication cookie is there, but you also check that the user still lives within the database.

My get user function is pretty simple, Gets the cookie, decrypt's it and then uses the service layer to return the user this function is declared in a class all my controller inherit from.

   public User GetUser(IUserService service)
    {
        var name = HttpContext.User.Identity.Name;
        var faDecrypt = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value);
        if (faDecrypt == null)
            return null;
        var userString = faDecrypt.Name;
        if (String.IsNullOrEmpty(userString))
            return null;
        return  service.Find(userString);
    }

All my controllers parameteres are injected using Ninject and look like below:

  public UserController(IUserService service, IUnitOfWork unitOfWork)
        {
            _service = service;
            _unitOfWork = unitOfWork;
        }

The problem I am facing is I want to move this out to somewhere where it says:

"Authorize tag is in place, Run get user to ensure the user is real, if real continue, if not redirect"

I also require this function to be able to be inject within Ninject as each service has a HTTP Request Lifetime.

---Update---

After implementing a CustomAttribute shown below:

  public class EnhanchedAuthorize : ActionFilterAttribute

{
    private readonly IUserService _service;
    public EnhanchedAuthorize(IUserService service)
    {
        _service = service;
    }
}

When using it like this:

    [HttpPost]
    [EnhanchedAuthorize]
    public ActionResult Edit(VenueCreateEditViewModel model)

I get the following error

"Constructor EnhanchedAuthorize has 1 parameter(s) but is invoked with 0 parameter(s)"

Why does Ninject not handle this?

Do Authorize operations in base controller: http://stackoverflow.com/a/21981920/1534785 — Jeyhun Rahimov, Feb 24 '14 at 10:58
Your EnhanchedAuthorize constructor expects a parameter. Create a parameter-less constructor. — Johann Blais, Feb 24 '14 at 11:23
For now, you have to resort to property injection for action filters when using Ninject. Or use two classes: one for filter, and other for attribute. Please check this: http://stackoverflow.com/questions/6193414/dependency-injection-with-ninject-and-filter-attribute-for-asp-net-mvc — cvbarros, Feb 24 '14 at 18:16

score 1 · Answer 1 · answered Feb 24 '14 at 10:54

1

You can create your own attribute inheriting from ActionFilterAttribute and implement your redirection logic in here.

Some examples here and here

answered Feb 24 '14 at 10:54

Johann Blais

9,389
6
45
65

Are you able to give a simple example? – Lemex Feb 24 '14 at 10:55

score 1 · Answer 2 · answered Feb 24 '14 at 11:24

Do not define _service in action, define it in your base controller and in action:

public class EnhanchedAuthorize : ActionFilterAttribute
{
   public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);
            BaseController controller = filterContext.Controller as BaseController;

            //use service now
            controller.UserService.CallMethod();
            .....
        }
}

How to abstract my Authorize code/Tidy up my controller

2 Answers2