HandleUnauthorizedRequest vs OnActionExecuting

  • Question

  • User-1350042179 posted

    Hi

    I override both methods, but which of them does ASP.NET MVC execute first?

    This is my code:

     /// <summary>
     /// Action filter that blocks an action when <c>FacadeSession.ValidarPermiso</c>
     /// rejects the permission named in <see cref="Permiso"/>.
     /// </summary>
     /// <remarks>
     /// NOTE(review): this is an action filter, not an authorization filter, so it runs
     /// after every authorization filter on the action. If an action using it is also
     /// output-cached, a cache hit may be served without this check running; confirm
     /// that no such action exists or move the check into an AuthorizeAttribute.
     /// </remarks>
     public class AccessAttribute : ActionFilterAttribute
     {
         /// <summary>Permission identifier handed to <c>FacadeSession.ValidarPermiso</c>.</summary>
         public string Permiso { get; set; }

         /// <summary>
         /// Short-circuits the action with a 403 JSON payload (AJAX callers) or a redirect to
         /// AccesoDenegado/PrivilegiosInsuficientes (everyone else) when the permission check fails.
         /// </summary>
         /// <param name="filterContext">Context of the action about to execute.</param>
         public override void OnActionExecuting(ActionExecutingContext filterContext)
         {
             // Permission granted: leave Result untouched so the action runs normally.
             if (FacadeSession.ValidarPermiso(Permiso))
             {
                 return;
             }

             var http = filterContext.HttpContext;

             if (!http.Request.IsAjaxRequest())
             {
                 // Regular navigation: send the browser to the "insufficient privileges" page.
                 var denied = new RouteValueDictionary
                 {
                     { "action", "PrivilegiosInsuficientes" },
                     { "controller", "AccesoDenegado" },
                 };
                 filterContext.Result = new RedirectToRouteResult(denied);
                 return;
             }

             // AJAX caller: drop anything already buffered and answer with 403 plus a JSON body
             // carrying the same status, so script code can react without parsing HTML.
             http.Response.Clear();
             http.Response.StatusCode = (int)HttpStatusCode.Forbidden;

             var payload = new JsonResult();
             payload.Data = new { status = (int)HttpStatusCode.Forbidden };
             payload.JsonRequestBehavior = JsonRequestBehavior.AllowGet;
             filterContext.Result = payload;
         }
     }
    
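     /// <summary>
     /// Authorization filter that answers failed authorization with the application's own
     /// "access denied" pages, or with a JSON payload for AJAX callers.
     /// </summary>
     public class RepAuthorizationAttribute : AuthorizeAttribute
     {
         /// <summary>
         /// Builds a new redirect to <paramref name="action"/> on the AccesoDenegado controller.
         /// </summary>
         /// <remarks>
         /// A fresh result is created for every request. The previous version kept one
         /// RedirectToRouteResult in an instance field and overwrote its "action" route value;
         /// because MVC can reuse filter attribute instances across requests, one expired
         /// session would leave every later redirect pointing at SesionExpirada.
         /// </remarks>
         /// <param name="action">Action name on the AccesoDenegado controller.</param>
         /// <returns>A redirect result owned by the current request only.</returns>
         private static RedirectToRouteResult CreateAccessDeniedRedirect(string action)
         {
             return new RedirectToRouteResult(new RouteValueDictionary {
                     { "action", action },
                     { "controller", "AccesoDenegado" }
                 });
         }

         /// <summary>
         /// Called by the base class when authorization fails. Always sets
         /// <c>filterContext.Result</c>, so the protected action can never run after a failure.
         /// </summary>
         /// <param name="filterContext">Authorization context of the rejected request.</param>
         protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
         {
             var httpContext = filterContext.HttpContext;

             if (!httpContext.User.Identity.IsAuthenticated)
             {
                 var action = "index";
                 var errorMsg = ResMessages.ContenidoErrorAutenticacion_RequiereAutenticarse;
                 // An unauthenticated request that still has FacadeSession.Usuario is reported
                 // as an expired session rather than as a first-time visitor.
                 if (FacadeSession.Usuario != null)
                 {
                     action = "SesionExpirada";
                     errorMsg = ResMessages.ContenidoErrorAutenticacion_SesionCulminada;
                 }
                 FacadeSession.ClearCookie();
                 httpContext.Response.Clear();
                 if (httpContext.Request.IsAjaxRequest())
                 {
                     filterContext.Result = new JsonResult()
                     {
                         Data = new
                         {
                             status = (int)HttpStatusCode.Unauthorized,
                             errMsg = errorMsg
                         },
                         JsonRequestBehavior = JsonRequestBehavior.AllowGet
                     };
                     // NOTE(review): the JSON body reports 401 while the HTTP status is 409.
                     // Kept as-is because client script may depend on it; since the forms
                     // authentication redirect is suppressed below, 401 looks usable here.
                     httpContext.Response.StatusCode = (int)HttpStatusCode.Conflict;
                     httpContext.Response.SuppressFormsAuthenticationRedirect = true;
                 }
                 else
                 {
                     filterContext.Result = CreateAccessDeniedRedirect(action);
                 }
                 return;
             }

             // Authenticated but not authorized (for example, missing a role required through
             // Roles = "..."). The previous version left Result null on this path, which lets
             // the action execute. Fail closed, using the same responses AccessAttribute
             // gives for insufficient privileges.
             if (httpContext.Request.IsAjaxRequest())
             {
                 httpContext.Response.Clear();
                 httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                 filterContext.Result = new JsonResult()
                 {
                     Data = new { status = (int)HttpStatusCode.Forbidden },
                     JsonRequestBehavior = JsonRequestBehavior.AllowGet
                 };
             }
             else
             {
                 filterContext.Result = CreateAccessDeniedRedirect("PrivilegiosInsuficientes");
             }
         }
     }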

    Friday, March 1, 2019 4:13 AM

Answers

  • User1520731567 posted

    Hi neoaguil17,

    Do you mean which method is entered first?

    Based on your code, I put [RepAuthorization(Roles = "Admin")] and [Access] on one action.

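    In my demo, HandleUnauthorizedRequest is executed before OnActionExecuting. This is expected: MVC runs authorization filters before action filters, and once an authorization filter sets a result, the action filters and the action itself are skipped.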

    I suggest adding breakpoints in your code to check the order in which these filters run.

    Best Regards.

    Yuki Tao

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, March 1, 2019 9:00 AM