authorize-attribute

问题 I have an application which requires role authorization using custom database. The database is set up with a tblUsers table that has a reference to a tblRoles table. The users are also already assigned to their roles. I also want to use the [Authorize(Role = "RoleName")] attribute on each action to check if an authenticated user is assigned to "RoleName" in the database. I'm having a lot of trouble figuring out where I need to make a modification to the [Authorize] attribute so it behaves

问题 When ever i publish my web site with debug="false" mode and BundleTable.EnableOptimizations = true the server returns the following exception for bundled scripts and styles while requests are just for non authorized requests! But if I run application with debug="true" or user is logged in (via forms authentication in release mode) the exception does not occur and every thins works just fine. I think there should be a relation between bundling and authentication!! as the exception indicates.

问题 I have the follow Custom AuthorizeAttribute: public class SystemAuthorizeAttribute : AuthorizeAttribute { public Form PermissionForm { get; set; } //Enum public PermissionValue Permissions { get; set; }//Enum public override void OnAuthorization(AuthorizationContext filterContext) { //Request is an Authenticated Method? if (filterContext.HttpContext.Request.IsAuthenticated) { Debug.WriteLine("Test 1 " + PermissionForm); if (!CurrentUserHasPermissionForm(PermissionForm)) { //Deny access code }

问题 I have created a new asp.net MVC core web application and i set it to use Work or School Accounts with multiple organization, as follow:- now if i add [Authorize] attribute to an action method then the user will be asked to login first. but my question is how i can only allow certain users to access the action method? Second question , is how i can prevent users from logging to the application unless they are inside a predefined list? 回答1: You have to add the Roles in authorize attribute. For

问题 I have created a new asp.net MVC core web application and i set it to use Work or School Accounts with multiple organization, as follow:- now if i add [Authorize] attribute to an action method then the user will be asked to login first. but my question is how i can only allow certain users to access the action method? Second question , is how i can prevent users from logging to the application unless they are inside a predefined list? 回答1: You have to add the Roles in authorize attribute. For

来源： https://stackoverflow.com/questions/51568427/creating-custom-authorizeattribute-in-web-api-net-framework

来源： https://stackoverflow.com/questions/51568427/creating-custom-authorizeattribute-in-web-api-net-framework

问题 I'd like to simply check for an Api Key — sent up in the Authorization header — prior to allowing certain Web API endpoints from getting hit. For the sake of this question, let's assume the ApiKey is 12345 . I just want to check the value of this Api Key prior to reaching the specific action method. I can't figure out whether or not this calls for a custom AuthorizeAttribute or an action filter. 回答1: Simply, I make a request GET with header is Authorization: apiKey 12345 The authorization

问题 So I've found bits and pieces that have enlightened me some on the [Authorize] tag, but nothing that solves my problem. My scenario is that I have Web Api methods that I want to hit with integration tests using RestSharp. However RestSharp is getting my login page, instead of the results of the call. [Authorize] public Item GetItem([FromBody] int id) { return service.GetItem(id); } The product uses a custom login system, and what I would REALLY like would be a way to disable the [Authorize]

问题 I am using ASP.NET MVC 4 Web application as a front-end for some WCF services. All the user log in/log out and session control is done on the back-end. MVC app should only store a single cookie with session ID. My client does not allow to use Forms Authentication, everything must be customized. I have set up the following in my web.config: <system.web> ... <authentication mode="None" /> </system.web> <system.webServer> <modules> ... <remove name="FormsAuthentication" /> ... </modules> <