Custom auth filter - why would you want to call base.

Question

User853731431 posted

If your going to extend AuthorizeAttribute, why would you want to call the base method also?
eg.  http://stackoverflow.com/a/11494091/5317103

 var authorized = base.AuthorizeCore(httpContext);
        if (!authorized)
        {
            // The user is not authenticated
            return false;
        }
... 

Answer 1

User753101303 posted

Hi,

It just allows to reuse the existing behavior. What is the problem? I would place the Admin check earlier though.

Ultimately it all depends on what you want to do.

Answer 2

User614698185 posted

Hi BitShift,

In general, there is no problem in hard coding the Authorize attribute for role as Admin and SuperAdmin, however think about the scenario, where we have to filter many controllers or action methods in the project. In general, what would we do is to copy-paste the attribute everywhere.

This raises a concern of duplication and maintenance. Tomorrow, if we need to change role names to something else or need to add another role into it then we will have to find and replace from entire project. There are chances or errors in this plus a lot of work too.

There can be many other scenarios where custom authentication filter is required and in all those scenario, this approach can be followed.

The solution of this problem is to create a custom authentication filter and use that in the controller or action methods. If we need any change, we just need to modify the custom authentication filter code at one place and that will affect all controller and action methods that is using this custom filter.

For more information, please see: http://www.dotnetfunda.com/articles/show/2935/creating-custom-authentication-filter-in-aspnet-mvc

Best Regards,

Candice Zhou