1

I want to create my custom authorization in web API controller to check the roles of the user and if its active user. So far this is my code and I don't know yet how/what to override in this codes.

using Avanza.Conference.Persistence;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace Avanza.Conference.Core.Extensions
{
    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        ApplicationDbContext _context = new ApplicationDbContext(); // my entity  

        public override void OnAuthorization(HttpActionContext actionContext)
        {

            //Sample on what to do here??
            if (AuthorizeRequest(actionContext))
            {

                return;

            }

            HandleUnauthorizedRequest(actionContext);

        }

        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {

            //Code to handle unauthorized request
            var challengeMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
            throw new HttpResponseException(challengeMessage);

        }

        private bool AuthorizeRequest(HttpActionContext actionContext)
        {

            //Sample on what to do here??

            return true;

        }

    }
}
Improve this question

1 Answer 1

Reset to default
1

Here is the sample you required, this check the request contains the authenticationtoken then only allow to execute the request. you can here check your session is available to check user logged in or not.

public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    public override void OnAuthorization({
           System.Web.Http.Controllers.HttpActionContext actionContext)
    private readonly string Resource {get; set; }base.OnAuthorization(actionContext);
        if (actionContext.Request.Headers.GetValues("authenticationToken") != null)
            string authenticationToken =public Convert.ToStringCustomAuthorize(
           string resource, string actionContext.Request.Headers.GetValues("authenticationToken").FirstOrDefault()action);
            //authenticationTokenPersistant{
            // it is saved in someResource data= storeresource;
            // i will compare the authenticationToken sent byAction client= withaction;
            // authenticationToken persist in database against specific user, and act accordingly}
          public override ifvoid OnAuthorization(authenticationTokenPersistant != authenticationToken)
            {
                HttpContextSystem.CurrentWeb.ResponseHttp.AddHeader("authenticationToken",Controllers.HttpActionContext authenticationTokenactionContext);
                HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");{
                actionContext.Response = actionContext.Requestbase.CreateResponseOnAuthorization(HttpStatusCode.ForbiddenactionContext);
                return;
            }

 //Check your post authorization logic using Resource HttpContext.Current.Response.AddHeader("authenticationToken",and authenticationToken);Action
        HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
   //Your logic here to return return;
authorize or unauthorized response }
    actionContext.Response = 
      actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);}
    actionContext.Response.ReasonPhrase = "Please provide valid inputs";
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Im looking for authorization not authentication but still thanks thank you for trying to help.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.