Extend AuthorizeAttribute Override AuthorizeCore or OnAuthorization

asp.net-mvc asp.net-mvc-3 authorization action-filter
Nick Olsen picture Nick Olsen · Jul 28, 2011 · Viewed 18.6k times · Source

Using ASP.NET MVC I am creating a custom Authorize attribute to take care of some custom authorization logic. I have looked at a lot of examples and it is pretty straight forward but my question is which method is best to override, AuthorizeCore or OnAuthorization? I have seen many examples overriding one or the other. Is there a difference?

Answer

BonyT picture BonyT · Jul 28, 2011

The clue is in the return types:

AuthorizeCore returns a boolean - it is decision making code. This should be limited to looking at the user's identity and testing which roles they are in etc. etc. Basically it should answer the question:

Do I want this user to proceed?

It should not perform any additional activities "on the side".

OnAuthorize returns void - this is where you put any functionality that needs to occur at this point. e.g. Write to a log, store some data in session etc etc.

Related questions

Get ActionName, ControllerName and AreaName and pass it in ActionFilter Attribute

I use a custom AuthorizationFilter like the followings: public class ActionAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { if(!httpContext.User.Identity.IsAuthenticated) return false; if(IsUserExcluded()) return false; else return IsRoleAuthorize(httpContext); } } I use this filter at …

Read More
Bypass or turn off [Authorize(Roles="")] during development?

Building an MVC3 application, and TPTB want us to use their custom authorization provider. However, during development this auth provider is kind of a pain, since it will either give an error til you shut down/restart the browser, or …

Read More
HTML.ActionLink vs Url.Action in ASP.NET Razor

Is there any difference between HTML.ActionLink vs Url.Action or they are just two ways of doing the same thing? When should I prefer one over the other?

Read More