Is there a way to override AllowAnonymous
attribute? I have implemented custom authorization that loads user menus & buttons from database as below:
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new MyCustomAuthorization()); // Custom Authorization for Rights & Priveleges
}
The above works fine.
Now I want to allow access to some action if a user is authenticated, no need to check authorization in this case. Example:
[Authorize]
public class MenusAndButtonsController : BaseController
{
[Authenticated] // my custom attribute that will check if user is logged in or not
public JsonResult GetGeneralMenuAndButtons()
{
using (MealPlannerAuthorizationEntities repository = new MealPlannerAuthorizationEntities())
{
var MenusAndButtons = repository.MP_AUTH_Menus.Where(x => x.IsButton == false && x.IsListButton == false).Select(c => new { DisplayText = c.MenuName, Value = c.MenuId }).OrderBy(x => x.DisplayText).ToList();
return Json(new { Result = "OK", Options = MenusAndButtons }, JsonRequestBehavior.AllowGet);
}
}
}
Instead of AllowAnonymous
, I am trying to create my own custom attribute [Authenticated]
that will check if the user is logged in or not. If user is logged in it will return true and the GetGeneralMenuAndButtons
will continue its operation.
Actually
AllowAnonymous
class is simple empty sealed attribute class.
So when we decorate an action method with AllowAnonymous
attribute, the onAuthorization
method of AuthorizeAttribute
simply ignores authorization and authentication checking. So in my case I also had to create an attribute (a blank sealed class inheriting from attribute class) and modify the OnAuthorization
method little bit.
Below is the complete implementation:
public sealed class AuthenticateAttribute : Attribute
{
public AuthenticateAttribute() { }
}
Then override the onAuthorization
method of Authorize attribute (of course I am assuming you already have custom authorization filter implemented).
public override void OnAuthorization(AuthorizationContext filterContext)
{
bool IsAuthenticAttribute =
(filterContext.ActionDescriptor.IsDefined(typeof(AuthenticateAttribute), true) ||
filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AuthenticateAttribute), true)) &&
filterContext.HttpContext.User.Identity.IsAuthenticated;
if (!IsAuthenticAttribute)
{
base.OnAuthorization(filterContext);
}
}
Finally decorate your action method with our new Authenticate attribute:
[Authenticate]
public JsonResult GetParentMenus()
{
using (MealPlannerAuthorizationEntities repository = new MealPlannerAuthorizationEntities())
{
var parentMenus = repository.MP_AUTH_Menus.Where(x => x.IsButton == false && x.IsListButton == false).Select(c => new { DisplayText = c.MenuName, Value = c.MenuId }).OrderBy(x => x.DisplayText).ToList();
return Json(new { Result = "OK", Options = parentMenus }, JsonRequestBehavior.AllowGet);
}
}