authorize using azure authorize.net RRS feed

  • Question

  • User1080785583 posted

    In the code below, base.AuthorizeCore always returns false, even though I am authenticated...

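    /// <summary>
    /// Authorization filter that first runs the standard <see cref="AuthorizeAttribute"/>
    /// checks and then, when <see cref="Groups"/> is set, requires the current user to be
    /// a member of at least one of the listed Active Directory groups.
    /// </summary>
    public class AuthorizeAdAttribute : AuthorizeAttribute
        {
            /// <summary>
            /// Comma-separated AD group names. When null or empty, no AD group
            /// restriction is applied and only the base checks decide the outcome.
            /// </summary>
            public string Groups { get; set; }

            /// <summary>
            /// Decides whether the current request is authorized.
            /// </summary>
            /// <param name="httpContext">The HTTP context of the current request.</param>
            /// <returns>
            /// true when the base check passes and either no groups are configured or the
            /// user belongs to one of them; false in every other case, including when the
            /// user or a configured group cannot be found in the directory.
            /// </returns>
            protected override bool AuthorizeCore(HttpContextBase httpContext)
            {
                // The base implementation enforces authentication plus the inherited
                // Users/Roles properties; nothing below runs unless it succeeds.
                if (!base.AuthorizeCore(httpContext))
                    return false;

                /* Return true immediately if the authorization is not
                    locked down to any particular AD group */
                if (String.IsNullOrEmpty(Groups))
                    return true;

                // Trim entries so "A, B" matches group "B", and drop empty entries.
                var groupNames = Groups
                    .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                    .Select(name => name.Trim())
                    .Where(name => name.Length > 0)
                    .ToList();

                // Groups was set but holds no usable name (e.g. " , "): deny rather
                // than silently fall back to "unrestricted".
                if (groupNames.Count == 0)
                    return false;

                // PrincipalContext and the principals hold directory connections and
                // are IDisposable, so release them on every exit path.
                // NOTE(review): under Windows authentication Identity.Name is typically
                // "DOMAIN\user" - confirm FindByIdentity resolves that form here.
                using (var context = new PrincipalContext(
                    ContextType.Domain,
                    "WOOTDOMAIN"))
                using (var userPrincipal = UserPrincipal.FindByIdentity(
                    context,
                    IdentityType.SamAccountName,
                    httpContext.User.Identity.Name))
                {
                    // FindByIdentity returns null when no account matches; deny
                    // instead of failing with a NullReferenceException.
                    if (userPrincipal == null)
                        return false;

                    foreach (var groupName in groupNames)
                    {
                        // Resolve the group explicitly so an unknown or misspelled
                        // group name counts as "not a member" instead of surfacing
                        // as an unhandled directory exception.
                        // NOTE(review): membership through nested groups may not be
                        // detected by IsMemberOf - confirm against your directory.
                        using (var groupPrincipal = GroupPrincipal.FindByIdentity(
                            context,
                            IdentityType.Name,
                            groupName))
                        {
                            if (groupPrincipal != null
                                && userPrincipal.IsMemberOf(groupPrincipal))
                                return true;
                        }
                    }
                }

                return false;
            }

            /// <summary>
            /// Renders the "NotAuthorized" view for users who are signed in but not
            /// permitted; unauthenticated users get the default handling.
            /// </summary>
            /// <param name="filterContext">The authorization context of the request.</param>
            protected override void HandleUnauthorizedRequest(
                AuthorizationContext filterContext)
            {
                if (filterContext.HttpContext.User.Identity.IsAuthenticated)
                {
                    // NOTE(review): no status code is set here, so the denial is
                    // presumably served with the default 200 - confirm that logging
                    // and monitoring can still recognise it as an access denial.
                    filterContext.Result = new ViewResult
                    {
                        ViewName = "NotAuthorized",
                        MasterName = "_Layout"
                    };
                }
                else
                {
                    base.HandleUnauthorizedRequest(filterContext);
                }
            }
        }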

    usage:

    // NOTE(review): Roles is the property inherited from AuthorizeAttribute and is
    // evaluated inside base.AuthorizeCore. The Groups property that AuthorizeAd
    // reads is not set here, so the AD group check is skipped whenever the base
    // check passes.
    [AuthorizeAd(Roles = "WOOTS")]
            public ActionResult Import()
            {
            
            }

    Thursday, February 26, 2015 2:04 PM

All replies