Asp.net vnext. mvc 6. Implementing simple custom authorization
I am writing a simple REST service to support vNext and new MVC. I want to understand how to create a simple OWIN authorization with custom logic. For example, imagine that a service only has a simple list of tokens in memory and I want to check that the request contains a token that exists in that list.
If I understand correctly, I just need to override the AuthorizeAttribute class, but I cannot find how to do it correctly.
public class CustomAuthorize : AuthorizeAttribute
{
public override Task OnAuthorizationAsync(AuthorizationContext context)
{
return base.OnAuthorizationAsync(context);
}
}
If I misunderstood this, could you please explain which classes I need to use and if I can do it.
+3
source to share
1 answer
You can use:
public class AuthorizeClass: ActionFilterAttribute
{
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
if (context.HttpContext.Session["token"] == null || context.HttpContext.Session["user"] == null)
{
context.HttpContext.Response.Redirect("/login");
}
await next();
}
}
+4
source to share