Reposted from:
I'm migrating my project to ASP.NET Core and I'm stuck on migrating my CustomAuthorization attribute for my controllers. Here is my code.
using System.Linq;
using System.Web.Mvc;

public class CustomAuthorization : AuthorizeAttribute
{
    public string Url { get; set; }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Not signed in: send the user to this area's login page
            filterContext.Result = new RedirectResult(Url + "?returnUrl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
        }
        else if (!Roles.Split(',').Any(filterContext.HttpContext.User.IsInRole))
        {
            // Signed in but in none of the required roles
            filterContext.Result = new ViewResult { ViewName = "AcessDenied" };
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}
Then I used it on my controllers:
[CustomAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]
public abstract class AdminController : Controller { }
So, basically I can use it to redirect to a different login page when the roles are not met. I have a few areas and each of them has a different login page. I tried using the CookieAuthenticationOptions like this:
services.Configure<CookieAuthenticationOptions>(options =>
{
    options.AuthenticationScheme = "Admin";
    options.LoginPath = "/Admin/Account/Login";
});
Then on my admin controller:
[Area("Admin")]
[Authorize(ActiveAuthenticationSchemes = "Admin", Roles = "Admin")]
But after I log in, it still can't get in.
1 answer
I am doing something similar in one of my projects. This answer is NOT using AuthorizeAttribute, but it might help someone landing here from a Google search. In my case I am using it to authorize based on custom logic.
First my custom attribute class:
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

public class CustomAuthorizationAttribute : ActionFilterAttribute
{
    private readonly IMyDepedency _dp;

    // The dependency is injected because the filter is resolved through [ServiceFilter]
    public CustomAuthorizationAttribute(IMyDepedency dp)
    {
        _dp = dp;
    }

    public override void OnActionExecuting(ActionExecutingContext context)
    {
        var isValid = false;
        //write my validation and authorization logic here
        if (!isValid)
        {
            // Setting a result short-circuits the action with a 401
            var unauthResult = new UnauthorizedResult();
            context.Result = unauthResult;
        }
        base.OnActionExecuting(context);
    }
}
I decorate my controllers like this:
[ServiceFilter(typeof (CustomAuthorizationAttribute))]
Then in my Startup class
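public void ConfigureServices(IServiceCollection services)
{
    // Add framework services.
    services.AddMvc();

    // my other stuff that is not relevant in this post

    // Security: [ServiceFilter] resolves the filter from DI, so its type must be registered
    services.AddTransient<CustomAuthorizationAttribute>();
}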
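For comparison with the action filter in the answer above, here is an added example (not code from the original post) that ports the question's attribute to an `IAuthorizationFilter`, so the check runs in the authorization stage before model binding and action filters. It assumes ASP.NET Core 3.0 or later with endpoint routing and an authentication middleware that has already populated `HttpContext.User`; the name `AreaAuthorizeAttribute` is hypothetical.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.WebUtilities;

// Hypothetical attribute name. Usage mirrors the question:
// [AreaAuthorize(Url = "/Admin/Account/Login", Roles = "Admin")]
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AreaAuthorizeAttribute : Attribute, IAuthorizationFilter
{
    public string Url { get; set; }    // login page for this area
    public string Roles { get; set; }  // comma-separated; any one match is enough

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // A hand-written filter does not honor [AllowAnonymous] unless it checks for it.
        if (context.ActionDescriptor.EndpointMetadata?.OfType<IAllowAnonymous>().Any() == true)
            return;

        var user = context.HttpContext.User;
        if (user?.Identity?.IsAuthenticated != true)
        {
            var req = context.HttpContext.Request;
            var returnUrl = $"{req.PathBase}{req.Path}{req.QueryString}";
            // AddQueryString URL-encodes the value, so the original query string
            // cannot leak extra parameters into the login URL.
            context.Result = new RedirectResult(
                QueryHelpers.AddQueryString(Url, "returnUrl", returnUrl));
            return;
        }

        var roles = (Roles ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .ToArray();
        if (roles.Length > 0 && !roles.Any(user.IsInRole))
        {
            // Authenticated but missing the role: render the view with a 403, not a 200.
            // The view name is the one used in the question.
            context.Result = new ViewResult
            {
                ViewName = "AcessDenied",
                StatusCode = StatusCodes.Status403Forbidden
            };
        }
    }
}
```

The login action that consumes `returnUrl` should still validate it with `Url.IsLocalUrl` (or redirect with `LocalRedirect`) before sending the user back, since the value arrives from the query string.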