This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I'm migrating an ASP.NET MVC 5 project to ASP.NET Core MVC (.NET 5). In the previous project I had a
CustomAuthorizeAttribute
that checks if a user is locked o not (the first
else if (applicationUser.IsLocked)
statement).
public class CustomAuthorizeAttribute: AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
ActionResult actionResult = filterContext.Result;
int statusCode = filterContext.HttpContext.Response.StatusCode;
ApplicationUser applicationUser = filterContext.HttpContext.User.ApplicationUser();
if (applicationUser == null || string.IsNullOrEmpty(filterContext.HttpContext.User.Identity.GetUserName()))
{
base.OnAuthorization(filterContext);
}
else if (applicationUser.IsLocked)
{
filterContext.Result = new RedirectResult("~/home/unauthorized");
}
// If they are authorized, handle accordingly
else if (this.AuthorizeCore(filterContext.HttpContext))
{
base.OnAuthorization(filterContext);
}
else
{
// Otherwise redirect to your specific authorized area
filterContext.Result = new RedirectResult("~/home/unauthorized");
}
}
}
It seems that this approach is not supported in ASP.NET Core, so I would like to know if it is possible to achieve this behavior and how can I develop it.
The replacement are custom policies:
https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-5.0