2

I am creating a mvc application with Areas. I Need to have different authentication method for these areas.

I Usually use httpmodules for authentication, in the http module i check if the user is authenticated (i usually use cookies) and if not i redirect him.

So i have an httpmodule for authenticating the whole application and i want to register another httpmodule for authenticating in the area.

I tried:

  1. using a web.config file in the area folder and listing the httpmodule there.
  2. Using a location section in the web.config file.

Both did not work for me the httpmodule never got called.

  1. How can i register a httpmodule for an area.
  2. How can i override the httpmodule of the whole app.
  3. If this is the wrong way of going about it what is a better way of doing this.

Thanks

Daniel
  • 2,331
  • 3
  • 26
  • 35

1 Answers1

2

You can always write a custom AuthorizeAttribute where you override AuthorizeCore. In this function you always can redirect to the specific loginurl.

public class CustomAuthorizationAttribute : AuthorizeAttribute
{
    private string notifyUrl = string.Format("{0}{1}", GeneralHelper.BaseSiteUrl, "Login");

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext.User.Identity.IsAuthenticated)
        {
            // get userinformation
            return true;
        }

        httpContext.Response.Redirect(NotifyUrl);
        return false;
    }
}

If you don't included the redirect, it wil be redirected loginurl defined in web.config

Martin Geisler
  • 72,968
  • 25
  • 171
  • 229
Yannick Hammens
  • 53
  • 1
  • 5