Web API OnAuthorize is not redirecting properly.

  • Question

  • User-1188570427 posted

    I have an MVC application that uses MVC Controllers (of course), but also Web API Controllers.

    I have an authorization attribute on my Web API controllers that will validate if the user has access to them.

    I have everything working except the redirect is not redirecting to anywhere.

    IT DOES not let them into the method that is being authorized though, so my code is stopping that.

    Just not redirecting like it should.

    Here is my code:

            public override void OnAuthorization(HttpActionContext actionContext)
            {
                if (AccessNames == null)
                {
                    actionContext.Response = actionContext.Request.CreateResponse(
                      HttpStatusCode.Unauthorized,
                      actionContext.ControllerContext.Configuration.Formatters.JsonFormatter);
    
                    base.OnAuthorization(actionContext);
                }
    
                var currentUserId = UserIdentityUtilities.GetUserId(HttpContext.Current.User.Identity);
    
                var userPermissions = Task.Run(() => UserService.GetUsersApplicationAccess(currentUserId)).Result;
                var permissions = userPermissions.Select(x => x.AccessName).ToList();
    
                if (!permissions.Intersect(AccessNames).Any())
                {
                    actionContext.Response = actionContext.Request.CreateResponse(
                      HttpStatusCode.Unauthorized,
                      actionContext.ControllerContext.Configuration.Formatters.JsonFormatter);

                    base.OnAuthorization(actionContext);
                }
            }

    Saturday, June 27, 2020 12:07 AM

All replies

  • User-474980206 posted

    Why would a webapi do a redirect? It should just return a 401 status code. If it returns a redirect, what is the caller supposed to do with the redirect response?

    Saturday, June 27, 2020 3:15 PM
  • User-1188570427 posted

    Why would a webapi do a redirect? It should just return a 401 status code. If it returns a redirect, what is the caller supposed to do with the redirect response?

    Yes, I know it should be a 401 code (unauthorized), but for some reason, the application is not doing anything when the actionContext has the response set.

    Where in my MVC app can I fix that? I guess that is what I am asking.

    Saturday, June 27, 2020 6:36 PM
  • User-474980206 posted

    why after setting the response do you call?

        base.OnAuthorization(actionContext);

    also why this code? what's the point of the Task.Run other than using more resources?

      var userPermissions = Task.Run(() => UserService.GetUsersApplicationAccess(currentUserId)).Result;

    Sunday, June 28, 2020 11:06 PM
  • User-1188570427 posted

    why after setting the response do you call?

        base.OnAuthorization(actionContext);

    also why this code? what's the point of the Task.Run other than using more resources?

      var userPermissions = Task.Run(() => UserService.GetUsersApplicationAccess(currentUserId)).Result;

    Let me remove the call and try.

     base.OnAuthorization(actionContext);

    The other code is used because we do our own roles in the database:

     var userPermissions = Task.Run(() => UserService.GetUsersApplicationAccess(currentUserId)).Result;

    Monday, June 29, 2020 3:19 PM
  • User-474980206 posted

    but why not just the simpler and faster:

     var userPermissions = UserService.GetUsersApplicationAccess(currentUserId);

    Monday, June 29, 2020 7:47 PM
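
Added example, not code from the thread or from any poster: one way to write the filter so the decision lives in `IsAuthorized`, the response is set in exactly one place, and every unexpected path denies access. `RequireAccessAttribute` and `PermissionLookup` are hypothetical names; the lookup delegate stands in for the thread's `UserService.GetUsersApplicationAccess`, and returning 403 to a signed-in user is a choice made here (the thread's code returns 401 in both cases).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical attribute for illustration; usage: [RequireAccess("Reports.Read")]
public sealed class RequireAccessAttribute : AuthorizeAttribute
{
    private readonly string[] _accessNames;

    // Assumption: set once at startup to query the application's own permission
    // store. Until it is set, the default grants nothing (deny by default).
    public static Func<string, IEnumerable<string>> PermissionLookup { get; set; }
        = userName => Enumerable.Empty<string>();

    public RequireAccessAttribute(params string[] accessNames)
    {
        _accessNames = accessNames ?? new string[0];
    }

    // Only a yes/no decision here. The base OnAuthorization calls this method and,
    // on false, HandleUnauthorizedRequest, so no response is built in two places.
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var principal = actionContext.ControllerContext.RequestContext.Principal;
        if (principal?.Identity == null || !principal.Identity.IsAuthenticated)
            return false;
        if (_accessNames.Length == 0)
            return false; // fail closed: attribute applied without access names
        try
        {
            return PermissionLookup(principal.Identity.Name).Intersect(_accessNames).Any();
        }
        catch (Exception)
        {
            return false; // fail closed if the store is unavailable (log it in real code)
        }
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var identity = actionContext.ControllerContext.RequestContext.Principal?.Identity;
        var status = identity != null && identity.IsAuthenticated
            ? HttpStatusCode.Forbidden      // signed in, but lacks the permission
            : HttpStatusCode.Unauthorized;  // not signed in
        actionContext.Response = actionContext.Request.CreateErrorResponse(status, "Access denied.");
    }
}
```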