Using action parameters in custom Authorization Attribute in ASP.NET MVC3

Question 1

Using action parameters in custom Authorization Attribute in ASP.NET MVC3

asp.net-mvc-3 authorization custom-attributes

SoonDead · Apr 5, 2011 · Viewed 16.1k times · Source

Answer

Answer

If the id is passed as request parameter (GET or POST) or as a route data parameter:

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // first look at routedata then at request parameter:
    var id = (httpContext.Request.RequestContext.RouteData.Values["id"] as string) 
             ??
             (httpContext.Request["id"] as string);
    if (id == "8")
    {
        return base.AuthorizeCore(httpContext);
    }
    return true;
}

Question 2

I have a controller which should only request authorization when loaded with specific parameters. Like when the parameter ID is 8 for example.

I came up with using a custom validation attribute like this:

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (/* Action's inputparameter ID = 8 */)
        {
        return base.AuthorizeCore(httpContext);
        }
        return true;
    }
}

My action looks like this (not that it is interesting)

[MyAuthorize]
public ActionResult Protected(int id)
{
    /* custom logic for setting the viewmodel from the id parameter */
    return View(viewmodel);
}

The problem is as you can see that I don't know how to check for that ID parameter in the authorize attribute. Can you help me with a solution?

Using action parameters in custom Authorization Attribute in ASP.NET MVC3

Answer

Related questions