
I need to modify user roles in my Web API 2 project using Identity 2 by adding additional properties: DateTime StartDate and DateTime EndDate. This is required to be able to grant users roles for a limited period of time.

What do I need to do to get the Authorize attribute such as [Authorize(Role="poweruser")] etc. to understand the role dates?

According to the source (https://github.com/ASP-NET-MVC/aspnetwebstack/blob/master/src/System.Web.Http/AuthorizeAttribute.cs), this filter ultimately calls IPrincipal.IsInRole:

protected virtual bool IsAuthorized(HttpActionContext actionContext)
{
    ... 

    if (_rolesSplit.Length > 0 && !_rolesSplit.Any(user.IsInRole))
    {
        return false;
    }

    return true;
}

Looks like I need to subclass the implementation of IPrincipal in HttpActionContext.ControllerContext.RequestContext.Principal and somehow inject it somewhere in the life cycle instead of the default implementation.

How do I do this?

AunAun

1 Answer


Just create a custom implementation of AuthorizeAttribute like UserAuthorize, and instead of using [Authorize(Role="poweruser")] you will use [UserAuthorize(Role="poweruser")]. Your UserAuthorize implementation could look like this:

using System.Web;
using System.Web.Mvc;

public class UserAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Validate User Request for selected Feature
    /// </summary>
    /// <param name="httpContext"></param>
    /// <returns></returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized) {
            return false; //User is Not Even Logged In
        }
        //Your custom logic here
        // Placeholder so the method compiles: return the result of the custom check instead.
        return true;
    }
}
Shoaib Shakeel
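In the Web API 2 pipeline the question asks about, the override point on System.Web.Http.AuthorizeAttribute is IsAuthorized(HttpActionContext), the method quoted in the question. The following is an added example, not code from either post: RoleGrant, LoadGrants and TimedRoleAuthorizeAttribute are hypothetical names, and the grant dates are assumed to be stored in UTC.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Controllers;
using Microsoft.AspNet.Identity;

// Hypothetical record: one role assignment carrying the question's two dates (UTC assumed).
public class RoleGrant
{
    public string RoleName { get; set; }
    public DateTime StartDate { get; set; }
    public DateTime EndDate { get; set; }
}

public class TimedRoleAuthorizeAttribute : AuthorizeAttribute
{
    // Hypothetical hook, set once at startup: loads a user's grants from your own store.
    public static Func<string, IEnumerable<RoleGrant>> LoadGrants { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // Stock check first: authenticated and passes the normal Users/Roles test.
        if (!base.IsAuthorized(actionContext)) return false;

        var required = (Roles ?? "").Split(',').Select(r => r.Trim())
                                    .Where(r => r.Length > 0).ToArray();
        if (required.Length == 0) return true;   // action has no role restriction
        if (LoadGrants == null) return false;    // fail closed when the store is not wired up

        var userId = actionContext.RequestContext.Principal.Identity.GetUserId();
        if (userId == null) return false;

        var grants = LoadGrants(userId) ?? Enumerable.Empty<RoleGrant>();
        return HasActiveGrant(grants, required, DateTime.UtcNow);
    }

    // Pure function, so the window logic can be unit tested without an HTTP pipeline.
    // The window is half-open: StartDate <= now < EndDate.
    public static bool HasActiveGrant(IEnumerable<RoleGrant> grants,
                                      string[] required, DateTime nowUtc)
    {
        return grants.Any(g =>
            required.Contains(g.RoleName, StringComparer.OrdinalIgnoreCase) &&
            g.StartDate <= nowUtc && nowUtc < g.EndDate);
    }
}
```

Applied as [TimedRoleAuthorize(Roles = "poweruser")]. Because the window is evaluated on every request, a role claim that is still present in an unexpired token or cookie stops granting access once EndDate has passed.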