Create Custome class of AuthorizeAttribute implementation issue in mvc core

Question

User-1710838230 posted

Hi,
I create a class which implement AuthorizeAttribute Interface with override method HandleUnauthorizedRequest in mvc core.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;
using IdentityTest.DBModel;

namespace IdentityTest.CustomFolder
{
public class CustomErrorTexelMobile: AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
using (MobileEntities db = new MobileEntities())
{
var res = db.SelfServeAdmins.FirstOrDefault(sid => sid.MobileSignOnEnabled == true);
if (res == null)
{
filterContext.Result = new RedirectToRouteResult(new
RouteValueDictionary(new {controller = "PermissionError", action = "AccessDenied"}));
}
}
}
}
}

Compile Time error: Error CS7069 Reference to type 'RouteValueDictionary' claims it is defined in 'System.Web', but it could not be found

How can to slove this issue. Which namespace necessary for MVC Core against This issue.

Answer 1

User1289604957 posted

Hi,

Which template did you choose to create this project?

Best Regards,

Maher

Answer 2

User-1710838230 posted

Hi,

MaherJendoub,

I am working in asp.net mvc core 1.0.

I just need a authroize filter before action method where i check a value from database table, if i found it true then move to action other wise move to error view.

Thanks

Answer 3

User1168443798 posted

Hi FarhatKhan,

There is no HandleUnauthorizedRequest in Asp.Net Core.

You could try Policy-Based Authorization or implement your own Authorize Attribute by using IAuthorizationFilter.

You could refer the link below for these two ways.

# How do you create a custom AuthorizeAttribute in ASP.NET Core?

https://stackoverflow.com/questions/31464359/how-do-you-create-a-custom-authorizeattribute-in-asp-net-core

Best Regards,

Edward

Answer 4

User-1710838230 posted

Hi,

Please can you guide me how to check a value from database, if true then actionmethod executed otherwise not. I need a class which check value from database and redirect to error view. I add this class before above each action method.

[classnameChecker]

Public ActionResult Index(){}

I need something like this.

Please guide me.

Answer 5

User1168443798 posted

Have you implemented the ClaimRequirementFilter in my above link?

For accessing DbContext, you could inject the DbContext to ClaimRequirementFilter like below:

public class ClaimRequirementFilter : IAuthorizationFilter
{
    readonly ApplicationDbContext _context;

    public ClaimRequirementFilter(ApplicationDbContext context)
    {
        _context = context;
    }

    public void  OnAuthorization(AuthorizationFilterContext context)
    {
        //query from _context
    }
}

Answer 6

User-1710838230 posted

Hi,

I am begineer in MVC Core. Please provide me the whole code for this scenario.
I have implemented you code in your last post but facing below errors.

see screenshot at:https://prnt.sc/iou7mz

Please tell me how to redirect from Controller after ready dbcontext and it give me error "does not implement interface member".

Again Exactly what i want.

Same in first post when i write the MVC5 code. I do same in MVC Core. I am not checking user permission. I just a column value if true then redirect to error view other wise execute action method of controller.
The class where i write the code, just add [className] above of action method.

Answer 7

User585649674 posted

Try Something like below.

In start up. cs.

1. Create a method which will call the database to get the value. Save this value to global variable. (https://stackoverflow.com/questions/46482614/using-global-variable-in-asp-net-core-controller)
2. Add a middleware, which will check for the global variable, and will call invoke next method or throw exception. Which can be redirected to error page. https://docs.microsoft.com/en-us/aspnet/core/fundamentals/error-handling

Since your functionality is irrespective of user, you need not call the database for each request. You need to call the database only once during start up.

Answer 8

User1168443798 posted

>>Please tell me how to redirect from Controller after ready dbcontext and it give me error "does not implement interface member".

For this error, you should use "AuthorizationFilterContext " instead of your own DbContext, you have registerd your own DbContext in constructor.

Answer 9

User-1710838230 posted

Hi,

I just want to check a value from database, if it that value exists in database then redirect to error view instead of action method execution.

I have done this in MVC5 multiple times but in mvc core its not work with same mvc5 way. In my first post, i post the mvc5 code and want the same functionality in mvc core. Can you help me ? In your last post, i have implement the same way as you mentioned but IAuthorizationFilter give an error "ClaimRequirementFilter does not implement Interface IAuthorizationFilter.OnAuthorization". Plee see error message:https://prnt.sc/iou7mz

Thanks

Answer 10

User1168443798 posted

Please check the code line by code, you should use  "AuthorizationFilterContext " instead of "TexellCheckInContext" for "OnAuthorization"

public class ClaimRequirementFilter : IAuthorizationFilter
{
    readonly TexellCheckInContext _context;

    public ClaimRequirementFilter(TexellCheckInContext context)
    {
        _context = context;
    }

    public void  OnAuthorization(AuthorizationFilterContext context)
    {
        //query from _context
        var res = _context.SelfServeAdmin....;
        if(res!=null)
        {
            context.Result = new RedirectToActionResult("Login", "Account",null);
        }
    }
}

Answer 11

User-1710838230 posted

Hi Edward Z,

After implement your above code, now i am facing below error:

Error link :https://prnt.sc/ipzi4t

Now what will be missing from my side?
Same your code copied.

Answer 12

User1168443798 posted

Please check the link below for whole implementation and use.

https://stackoverflow.com/questions/31464359/how-do-you-create-a-custom-authorizeattribute-in-asp-net-core 

Answer 13

User-1710838230 posted

Hi Edward,

I have it but can't understand. Please tell me what am missing in my attached code screenshot?

Really thankful to you.

Answer 14

User1168443798 posted

What is the issue while you implementing the similiar code like below?

public class ClaimRequirementAttribute : TypeFilterAttribute
{
    public ClaimRequirementAttribute(string claimType, string claimValue) : base(typeof(ClaimRequirementFilter))
    {
        Arguments = new object[] {new Claim(claimType, claimValue) };
    }
}

public class ClaimRequirementFilter : IAuthorizationFilter
{
    readonly Claim _claim;

    public ClaimRequirementFilter(Claim claim)
    {
        _claim = claim;
    }

    public void  OnAuthorization(AuthorizationFilterContext context)
    {
        var hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == _claim.Type && c.Value == _claim.Value);
        if (!hasClaim)
        {
            context.Result = new ForbidResult();
        }
    }
}


[Route("api/resource")]
public class MyController : Controller
{
    [ClaimRequirement(MyClaimTypes.Permission, "CanReadResource")]
    [HttpGet]
    public IActionResult GetResource()
    {
        return Ok();
    }
}

Answer 15

User-1710838230 posted

HI Edward,

[ClaimRequirement(MyClaimTypes.Permission, "CanReadResource")]

where have you declare CanReadResource in class?

Can you give me a solution step ny step?

I just want a check before executing any action method of controller.How to check ? I want  to create a class where i read out a single value from database, if that value is true then execute that action method if value is not true then redirect to error view.
How to achieve this?

Like as you told me implement ClaimRequirementFilter

public class ClaimRequirementFilter : IAuthorizationFilter
{
    readonly TexellCheckInContext _context;

    public ClaimRequirementFilter(TexellCheckInContext context)
    {
        _context = context;
    }

    public void  OnAuthorization(AuthorizationFilterContext context)
    {
        //query from _context
        var res = _context.SelfServeAdmin....;
        if(res!=null)
        {
            context.Result = new RedirectToActionResult("Login", "Account",null);
        }
    }
}

When I put [ClaimRequirementFilter] above my actionmethod, it give me error ClaimRequirementFilter is not attribute class.

Just solve my attribute class error.

Many Thanks

Answer 16

User1168443798 posted

>>Just solve my attribute class error.

I understood.

I think we could discuss your issue separately. Since your original error related with attribute has been resolved, I would suggest you mark the helpful reply as answer to close this thread.

>>When I put [ClaimRequirementFilter] above my actionmethod, it give me error ClaimRequirementFilter is not attribute class

For this error, I would suggest you post a new thread, and we will guide you step by step.

Best Regards,

Edward

Answer 17

User-1710838230 posted

Hi Edward,

Again, at that thread people ask many questions related to that customized attribute class. As you all know the complete error. Please resolved here

>>When I put [ClaimRequirementFilter] above my actionmethod, it give me error ClaimRequirementFilter is not attribute class

Thanks

Answer 18

User-864166757 posted

See complete details here: http://yassershaikh.com/custom-authorization-in-asp-net-mvc-3-using-iauthorizationfilter-filterattribute/

Change your code to:

public class CustomErrorTexelMobile: AuthorizeAttribute

Answer 19

User-1710838230 posted

Hi,

Facing below error:

error link:https://prnt.sc/iqirzd

Thanks

Answer 20

User1168443798 posted

If you do not need to pass parameter to ClaimRequirement, you could define ClaimRequirement with no parameter constructor.

Then, you could use it like "[ClaimRequirement]".

Answer 21

User-1710838230 posted

Hi Ewdard,

I am not passing any parameters, please see my 2nd last post, where i mentioned your name. And i am ready use [ClaimRequirement].

Please look and give proper solution. Please see my 2nd last post again. Please check this link:https://forums.asp.net/post/6196633.aspx

Answer 22

User1168443798 posted

Please pay attention to my above code, I used "ClaimRequirementAttribute" and "ClaimRequirement" instead of "ClaimRequirementFilter".

Again, it is recommended to discuss one error in one thread.

Answer 23

User1644932336 posted

Same issue I facing ...

Is u solve this issue ? If Yes then how .. . please help me out