I'm trying out some of the new stuff in VS2013 RC with MVC5 and the new OWIN authentication middleware.
So, I'm used to using the [Authorize]
attribute to limit actions by role but I'm trying to use claims/activity based authorization, and I can't find an equivalent attribute for it.
Is there an obvious one I'm missing or do I need to roll my own? I kinda expected there to be one out of the box.
What I'm looking for specifically is something along the lines of [Authorize("ClaimType","ClaimValue")]
I suppose.
Thanks in advance.
I ended up just writing a simple attribute to handle it. I couldn't find anything in the framework right out of the box without a bunch of extra config. Listed below.
public class ClaimsAuthorizeAttribute : AuthorizeAttribute
{
private string claimType;
private string claimValue;
public ClaimsAuthorizeAttribute(string type, string value)
{
this.claimType = type;
this.claimValue = value;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
var user = filterContext.HttpContext.User as ClaimsPrincipal;
if (user != null && user.HasClaim(claimType, claimValue))
{
base.OnAuthorization(filterContext);
}
else
{
base.HandleUnauthorizedRequest(filterContext);
}
}
}
Of course, you could remove the type and value params if you were happy to use the controller-action-verb triplet for claims somehow.