ASP.NET IAuthorizationFilter OnAuthorization

Question

Hi I am trying to implement a custom Authorization filter

 //The Authourization attribute on a controller
public class CustomAdminAuthorizationFilter : IAuth         


        

Answer 1

Change that to an Attribute, not simple a IAuthorizationFilter

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class SageAdminAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter
{
    readonly IAuthentication _authentication;

    public SageAdminAuthorizeAttribute(IAuthentication authentication)
    {
        _authentication = authentication;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!_authentication.Authorize(filterContext.HttpContext))
            filterContext.Result = new HttpUnauthorizedResult();
    }
}

And now rather than using [Authorize] use your new [SageAdminAuthorize] attribute

[SageAdminAuthorize]
public ActionResult Index()
{
    ViewBag.Title = "Welcome";
    ViewBag.Message = "Welcome to ASP.NET MVC!";

    return View();
}