Share via

Authorize access to controllers depending on Locked property added to ApplicationUser

Jalza 781 Reputation points
2021-09-22T14:42:45.587+00:00

I'm migrating an ASP.NET MVC 5 project to ASP.NET Core MVC (.NET 5). In the previous project I had a
CustomAuthorizeAttribute
that checks if a user is locked o not (the first
else if (applicationUser.IsLocked)
statement).

public class CustomAuthorizeAttribute: AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        ActionResult actionResult = filterContext.Result;
        int statusCode = filterContext.HttpContext.Response.StatusCode;
        ApplicationUser applicationUser = filterContext.HttpContext.User.ApplicationUser();

        if (applicationUser == null || string.IsNullOrEmpty(filterContext.HttpContext.User.Identity.GetUserName()))
        {
            base.OnAuthorization(filterContext);
        }
        else if (applicationUser.IsLocked)
        {
            filterContext.Result = new RedirectResult("~/home/unauthorized");
        }
        // If they are authorized, handle accordingly
        else if (this.AuthorizeCore(filterContext.HttpContext))
        {
            base.OnAuthorization(filterContext);
        }
        else
        {
            // Otherwise redirect to your specific authorized area
            filterContext.Result = new RedirectResult("~/home/unauthorized");
        }
    }
}

It seems that this approach is not supported in ASP.NET Core, so I would like to know if it is possible to achieve this behavior and how can I develop it.

Developer technologies | ASP.NET | ASP.NET Core
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bruce (SqlWork.com) 83,741 Reputation points
    2021-09-22T15:15:56.337+00:00
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.