locked
Create Custome class of AuthorizeAttribute implementation issue in mvc core RRS feed

  • Question

  • User-1710838230 posted

    Hi,
    I create a class which implement AuthorizeAttribute Interface with override method HandleUnauthorizedRequest in mvc core.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Routing;
    using IdentityTest.DBModel;
    
    namespace IdentityTest.CustomFolder
    {
    public class CustomErrorTexelMobile: AuthorizeAttribute
    {
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
    using (MobileEntities db = new MobileEntities())
    {
    var res = db.SelfServeAdmins.FirstOrDefault(sid => sid.MobileSignOnEnabled == true);
    if (res == null)
    {
    filterContext.Result = new RedirectToRouteResult(new
    RouteValueDictionary(new {controller = "PermissionError", action = "AccessDenied"}));
    }
    }
    }
    }
    }

    Compile Time error: Error CS7069 Reference to type 'RouteValueDictionary' claims it is defined in 'System.Web', but it could not be found

    How can to slove this issue. Which namespace necessary for MVC Core against This issue.

    Thursday, March 8, 2018 10:10 AM

All replies

  • User1289604957 posted

    Hi,

    Which template did you choose to create this project?

    Best Regards,

    Maher

    Thursday, March 8, 2018 1:36 PM
  • User-1710838230 posted

    Hi,

    MaherJendoub,

    I am working in asp.net mvc core 1.0.

    I just need a authroize filter before action method where i check a value from database table, if i found it true then move to action other wise move to error view.

    Thanks

    Thursday, March 8, 2018 7:17 PM
  • User1168443798 posted

    Hi FarhatKhan,

    There is no HandleUnauthorizedRequest in Asp.Net Core.

    You could try Policy-Based Authorization or implement your own Authorize Attribute by using IAuthorizationFilter.

    You could refer the link below for these two ways.

    # How do you create a custom AuthorizeAttribute in ASP.NET Core?

    https://stackoverflow.com/questions/31464359/how-do-you-create-a-custom-authorizeattribute-in-asp-net-core

    Best Regards,

    Edward

    Friday, March 9, 2018 6:13 AM
  • User-1710838230 posted

    Hi,

    Please can you guide me how to check a value from database, if true then actionmethod executed otherwise not. I need a class which check value from database and redirect to error view. I add this class before above each action method.

    [classnameChecker]

    Public ActionResult Index(){}

    I need something like this.

    Please guide me.

    Friday, March 9, 2018 7:32 AM
  • User1168443798 posted

    Have you implemented the ClaimRequirementFilter in my above link?

    For accessing DbContext, you could inject the DbContext to ClaimRequirementFilter like below:

    public class ClaimRequirementFilter : IAuthorizationFilter
    {
        readonly ApplicationDbContext _context;
    
        public ClaimRequirementFilter(ApplicationDbContext context)
        {
            _context = context;
        }
    
        public void  OnAuthorization(AuthorizationFilterContext context)
        {
            //query from _context
        }
    }

    Friday, March 9, 2018 8:06 AM
  • User-1710838230 posted

    Hi,

    I am begineer in MVC Core. Please provide me the whole code for this scenario.
    I have implemented you code in your last post but facing below errors.

    see screenshot at:https://prnt.sc/iou7mz

    Please tell me how to redirect from Controller after ready dbcontext and it give me error "does not implement interface member".

    Again Exactly what i want.

    Same in first post when i write the MVC5 code. I do same in MVC Core. I am not checking user permission. I just a column value if true then redirect to error view other wise execute action method of controller.
    The class where i write the code, just add [className] above of action method.

    Friday, March 9, 2018 10:12 AM
  • User585649674 posted

    Try Something like below.

    In start up. cs.

    1. Create a method which will call the database to get the value. Save this value to global variable. (https://stackoverflow.com/questions/46482614/using-global-variable-in-asp-net-core-controller)
    2. Add a middleware, which will check for the global variable, and will call invoke next method or throw exception. Which can be redirected to error page. https://docs.microsoft.com/en-us/aspnet/core/fundamentals/error-handling

    Since your functionality is irrespective of user, you need not call the database for each request. You need to call the database only once during start up.

    Monday, March 12, 2018 2:31 AM
  • User1168443798 posted

    >>Please tell me how to redirect from Controller after ready dbcontext and it give me error "does not implement interface member".

    For this error, you should use "AuthorizationFilterContext " instead of your own DbContext, you have registerd your own DbContext in constructor.

    Monday, March 12, 2018 6:14 AM
  • User-1710838230 posted

    Hi,

    I just want to check a value from database, if it that value exists in database then redirect to error view instead of action method execution.

    I have done this in MVC5 multiple times but in mvc core its not work with same mvc5 way. In my first post, i post the mvc5 code and want the same functionality in mvc core. Can you help me ? In your last post, i have implement the same way as you mentioned but IAuthorizationFilter give an error "ClaimRequirementFilter does not implement Interface IAuthorizationFilter.OnAuthorization". Plee see error message:https://prnt.sc/iou7mz

    Thanks

    Monday, March 12, 2018 6:46 AM
  • User1168443798 posted

    Please check the code line by code, you should use  "AuthorizationFilterContext " instead of "TexellCheckInContext" for "OnAuthorization"

    public class ClaimRequirementFilter : IAuthorizationFilter
    {
        readonly TexellCheckInContext _context;
    
        public ClaimRequirementFilter(TexellCheckInContext context)
        {
            _context = context;
        }
    
        public void  OnAuthorization(AuthorizationFilterContext context)
        {
            //query from _context
            var res = _context.SelfServeAdmin....;
            if(res!=null)
            {
                context.Result = new RedirectToActionResult("Login", "Account",null);
            }
        }
    }

    Monday, March 12, 2018 7:29 AM
  • User-1710838230 posted

    Hi Edward Z,

    After implement your above code, now i am facing below error:

    Error link :https://prnt.sc/ipzi4t

    Now what will be missing from my side?
    Same your code copied.

    Monday, March 12, 2018 8:01 AM
  • User1168443798 posted

    Please check the link below for whole implementation and use.

    https://stackoverflow.com/questions/31464359/how-do-you-create-a-custom-authorizeattribute-in-asp-net-core 

    Monday, March 12, 2018 8:03 AM
  • User-1710838230 posted

    Hi Edward,

    I have it but can't understand. Please tell me what am missing in my attached code screenshot?

    Really thankful to you.

    Monday, March 12, 2018 8:17 AM
  • User1168443798 posted

    What is the issue while you implementing the similiar code like below?

    public class ClaimRequirementAttribute : TypeFilterAttribute
    {
        public ClaimRequirementAttribute(string claimType, string claimValue) : base(typeof(ClaimRequirementFilter))
        {
            Arguments = new object[] {new Claim(claimType, claimValue) };
        }
    }
    
    public class ClaimRequirementFilter : IAuthorizationFilter
    {
        readonly Claim _claim;
    
        public ClaimRequirementFilter(Claim claim)
        {
            _claim = claim;
        }
    
        public void  OnAuthorization(AuthorizationFilterContext context)
        {
            var hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == _claim.Type && c.Value == _claim.Value);
            if (!hasClaim)
            {
                context.Result = new ForbidResult();
            }
        }
    }
    
    
    [Route("api/resource")]
    public class MyController : Controller
    {
        [ClaimRequirement(MyClaimTypes.Permission, "CanReadResource")]
        [HttpGet]
        public IActionResult GetResource()
        {
            return Ok();
        }
    }

    Tuesday, March 13, 2018 2:40 AM
  • User-1710838230 posted

    HI Edward,

    [ClaimRequirement(MyClaimTypes.Permission, "CanReadResource")]

    where have you declare CanReadResource in class?

    Can you give me a solution step ny step?

    I just want a check before executing any action method of controller.How to check ? I want  to create a class where i read out a single value from database, if that value is true then execute that action method if value is not true then redirect to error view.
    How to achieve this?


    Like as you told me implement ClaimRequirementFilter

    public class ClaimRequirementFilter : IAuthorizationFilter
    {
        readonly TexellCheckInContext _context;
    
        public ClaimRequirementFilter(TexellCheckInContext context)
        {
            _context = context;
        }
    
        public void  OnAuthorization(AuthorizationFilterContext context)
        {
            //query from _context
            var res = _context.SelfServeAdmin....;
            if(res!=null)
            {
                context.Result = new RedirectToActionResult("Login", "Account",null);
            }
        }
    }

    When I put [ClaimRequirementFilter] above my actionmethod, it give me error ClaimRequirementFilter is not attribute class.

    Just solve my attribute class error.

    Many Thanks

    Tuesday, March 13, 2018 7:41 AM
  • User1168443798 posted

    >>Just solve my attribute class error.

    I understood.

    I think we could discuss your issue separately. Since your original error related with attribute has been resolved, I would suggest you mark the helpful reply as answer to close this thread.

    >>When I put [ClaimRequirementFilter] above my actionmethod, it give me error ClaimRequirementFilter is not attribute class

    For this error, I would suggest you post a new thread, and we will guide you step by step.

    Best Regards,

    Edward

    Tuesday, March 13, 2018 7:51 AM
  • User-1710838230 posted

    Hi Edward,

    Again, at that thread people ask many questions related to that customized attribute class. As you all know the complete error. Please resolved here

    >>When I put [ClaimRequirementFilter] above my actionmethod, it give me error ClaimRequirementFilter is not attribute class

    Thanks

    Tuesday, March 13, 2018 8:22 AM
  • User-864166757 posted

    See complete details here: http://yassershaikh.com/custom-authorization-in-asp-net-mvc-3-using-iauthorizationfilter-filterattribute/

    Change your code to:

    public class CustomErrorTexelMobile: AuthorizeAttribute
    Tuesday, March 13, 2018 9:10 AM
  • User-1710838230 posted

    Hi,

    Facing below error:

    error link:https://prnt.sc/iqirzd

    Thanks

    Tuesday, March 13, 2018 10:04 AM
  • User1168443798 posted

    If you do not need to pass parameter to ClaimRequirement, you could define ClaimRequirement with no parameter constructor.

    Then, you could use it like "[ClaimRequirement]".

    Wednesday, March 14, 2018 8:47 AM
  • User-1710838230 posted

    Hi Ewdard,

    I am not passing any parameters, please see my 2nd last post, where i mentioned your name. And i am ready use [ClaimRequirement].

    Please look and give proper solution. Please see my 2nd last post again. Please check this link:https://forums.asp.net/post/6196633.aspx

    Wednesday, March 14, 2018 10:53 AM
  • User1168443798 posted

    Please pay attention to my above code, I used "ClaimRequirementAttribute" and "ClaimRequirement" instead of "ClaimRequirementFilter".

    Again, it is recommended to discuss one error in one thread.

    Thursday, March 15, 2018 3:12 AM
  • User1644932336 posted

    Same issue I facing ...

    Is u solve this issue ? If Yes then how .. . please help me out

    Wednesday, August 26, 2020 5:53 PM