0

I want to bypass my [SessionExpire] that has redirection to login. I want to bypass the attribute to execute it without logging in.

A custom attribute as shown :

public class SessionExpireAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            HttpContext ctx = HttpContext.Current;
            // check  sessions here
            if( HttpContext.Current.Session["username"] == null ) 
            {
               filterContext.Result = new RedirectResult("~/Account/Login");
               return;
            }
            base.OnActionExecuting(filterContext);
        }
    }

//SAMPLE IMPLEMENTATION:


[SessionExpire]
public class HomeController : Controller
{
  public ActionResult Index()
  {
     return Index();
  }
//I WANT TO BYPASS THIS JSONRESULT WITHOUT GOING TO SESSIONEXPIRE
  public JsonResult Result()
  {

     return Json();
  }

}
Francis Lim
  • 101
  • 1
  • 13
  • When do you want to do that? Always? If so, maybe adjust your timeout? – Jonathan Jul 29 '19 at 22:57
  • @Jonathan I added some information to the question sir, I just want to execute a jsonresult without going to the login. – Francis Lim Jul 29 '19 at 23:02
  • You could put the attributes onto the specific controller methods that you want to use them, instead of on the whole controller class – Jonathan Jul 29 '19 at 23:11
  • @Jonathan Yeah, thats my last resort because inside my controller i got 20 of classes to put separate [sessionexpire]. – Francis Lim Jul 29 '19 at 23:13
  • @Jonathan you deleted your answer. It is working and i added 'else' from your code. Searched it and gave the link to the answer. Thank you so much! – Francis Lim Jul 29 '19 at 23:35
  • I deleted it because when I looked at it again, I thought it was unlikely to work. I thought it would call the attribute method twice; once for method and once for class. I'll re add my answer. – Jonathan Jul 30 '19 at 03:22

3 Answers3

1

I don't know if this would work, but what if you put an extra property in there, and then pass through data on the one method that's the exception? Something like:

public class SessionExpireAttribute : ActionFilterAttribute
{
    public bool IsIgnore {get;set;}

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (IsIgnore)
            base.OnActionExecuting(filterContext);

        HttpContext ctx = HttpContext.Current;
        // check  sessions here
        if( HttpContext.Current.Session["username"] == null ) 
        {
           filterContext.Result = new RedirectResult("~/Account/Login");
           return;
        }
        base.OnActionExecuting(filterContext);
    }
}

//SAMPLE IMPLEMENTATION:


[SessionExpire]
public class HomeController : Controller
{
  public ActionResult Index()
  {
   return Index();
  }
//I WANT TO BYPASS THIS JSONRESULT WITHOUT GOING TO SESSIONEXPIRE
  [SessionExpire(IsIgnore = true)]
  public JsonResult Result()
  {
     return Json();
  }
}
Jonathan
  • 4,916
  • 2
  • 20
  • 37
0

Answered by Jonathan:

Passing custom parameter in custom attribute. Link here

Thanks!

Francis Lim
  • 101
  • 1
  • 13
0

What you are trying to do here is check if user is authenticated but in a rather custom way. Official documentation is rather extended, so I'd recommend to read https://learn.microsoft.com/en-us/aspnet/core/security/?view=aspnetcore-2.2 .

With your case I'd recommend to implement IAuthorizationFilter and use AllowAonymousAttribute. to bypass authentication.

Also you could improve UX by redirect user back to the page which it tried to access before authentication. For example if user tried to navigate to /orders but he was not authenticated, he is redirected to /account/login and once he is authenticated he should go back to /orders automatically. You can use a parameter for that: /account/login?redirect=orders

fenixil
  • 2,106
  • 7
  • 13