Stack Overflow
Stack Overflow

Questions tagged [authorize-attribute]

385 questions
84
votes
4 answers

Asp.net MVC4: Authorize on both controller and action

If I have the Authorize attribute on both the controller and the action, which one will take the effect? Or will both take effect?
frank
  • 1,252
  • 1
  • 12
  • 17
62
votes
2 answers

MVC Core How to force / set global authorization for all actions?

How to force / set global authorization for all actions in MVC Core ? I know how to register global filters - for example I have: Setup.cs services.AddMvc(options => { options.Filters.Add(new RequireHttpsAttribute()); }); and this works fine,…
Lukasz Mk
  • 7,000
  • 2
  • 27
  • 41
57
votes
8 answers

Handling session timeout in ajax calls

I'm making an ajax call using jquery to an asp.net mvc controller action: [AcceptVerbs(HttpVerbs.Post)] public ActionResult GetWeek(string startDay) { var daysOfWeek = CompanyUtility.GetWeek(User.Company.Id, startDay); …
Justin
  • 17,670
  • 38
  • 132
  • 201
38
votes
5 answers

Get ActionName, ControllerName and AreaName and pass it in ActionFilter Attribute

I use a custom AuthorizationFilter like the followings: public class ActionAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { …
Saeid
  • 13,224
  • 32
  • 107
  • 173
31
votes
1 answer

How to return custom message if Authorize fails in WebAPI

In my WebAPI project, I have number of apis which are decorated with [Authorize] attribute. [Authorize] public HttpResponseMessage GetCustomers() { //my api } In case user doesn't have the right token, an access denied exception is returned to…
Kgn-web
  • 7,047
  • 24
  • 95
  • 161
26
votes
2 answers

Dynamically add roles to authorize attribute for controller

I need to enable my admin user to change access permissions for users on the fly, such that they can create new Roles and add permissions to those Roles. I want to be able to create an Authorize attribute to stick above my controller class that I…
barnacle.m
  • 2,070
  • 3
  • 38
  • 82
22
votes
3 answers

Why can't I combine [Authorize] and [OutputCache] attributes when using Azure cache (.NET MVC3 app)?

Using Windows Azure's Microsoft.Web.DistributedCache.DistributedCacheOutputCacheProvider as the outputCache provider for an MVC3 app. Here is the relevant action method: [ActionName("sample-cached-page")] [OutputCache(Duration = 300, VaryByCustom =…
danludwig
  • 46,965
  • 25
  • 159
  • 237
22
votes
3 answers

Action filter execution order

I have created two classes that implement AuthorizeAttribute. One is used globally, and I set it on the Global.asax.cs: filters.Add(new FirstAuthorizeAttribute() { Order = 0 }); The other is called SecondAuthorizeAttribute and it is used only in…
vtortola
  • 34,709
  • 29
  • 161
  • 263
21
votes
2 answers

ASP.Net Core 2.0 mixed authentication of JWT and Windows Authentication doesn't accept credentials

I've API created in asp.net core 2.0 where I am using mixed mode authentication. For some controllers JWT and for some using windows authentication. I've no problem with the controllers which authorize with JWT. But for the controllers where I want…
coolcake
  • 2,917
  • 8
  • 42
  • 57
21
votes
2 answers

A controller action which returns a partial view inserts the logon page when authorization fails

I have a view that loads a partial view from a controller action using jQuery. The controller action is decorated with the Authorize attribute and if the user has timed out when that action is called intead of being redirected to the proper LogOn…
fynnbob
  • 553
  • 1
  • 5
  • 14
21
votes
4 answers

Bypass or turn off [Authorize(Roles="")] during development?

Building an MVC3 application, and TPTB want us to use their custom authorization provider. However, during development this auth provider is kind of a pain, since it will either give an error til you shut down/restart the browser, or it will require…
Jamie M
  • 870
  • 1
  • 8
  • 18
20
votes
1 answer

How can I pass data from an AuthorizeAttribute to the Controller?

I have created a custom AuthorizeAttribute which verifies some OAuth credentials that are sent inside the HTTP header. I am using some of these credentials to identify who is making the request. Once I parse this information in the…
MetaGuru
  • 42,847
  • 67
  • 188
  • 294
18
votes
3 answers

asp.net MVC5 - Dependency Injection and AuthorizeAttribute

I searched a long time for a solution for my problem. I have a custom AuthorizeAttribute that needs a Dependency to a "Service" that has access to a DbContext. Sadly the Dependency Injection did not work in the custom AuthorizeAttribute and was…
Shamshiel
  • 2,051
  • 3
  • 31
  • 50
17
votes
5 answers

Get list of custom attributes for current action/controller in ASP.NET MVC

Checking out the sample code from http://lukesampson.com/post/471548689/entering-and-exiting-https-with-asp-net-mvc written for ASP.NET MVC2, I noticed they can check if a custom attribute is applied to the current action or controller by accessing…
DavGarcia
  • 18,540
  • 14
  • 58
  • 96
16
votes
4 answers

ASP.NET MVC Beta Authorize attribute sends me to wrong action

Today I started playing with the MVC 3 Beta. Started with an application from default MVC 3 template, added a new action in the Home controller as follows(with a view for it) [Authorize] public ActionResult Secured() { ViewModel.Message = "This…
Sai Puli
  • 951
  • 8
  • 12
1
2 3
25 26