asp.net web api - How to customize the System.Web.Http.AuthorizeAttribute with Microsoft.Owin.Security? -


i've implemented custom authorizeattribute in webapi (note different mvc authorizeattribute).

i've overridden onauthorization method. in method check if user authenticated. if not authenticated, challenge user login.

part of custom logic check authenticated users if authorized continue (basically check name/email. if exists in predefined list, have access).

the issue see this: after user authenticates fails authorized, see there infinite loop redirection login page.

again, challenege user credentials in onauthorization method. might causing infinite looping, , how prevent once user has been determined have no authorization?

* updated snippet *

public override void onauthorization(system.web.http.controllers.httpactioncontext actioncontext) {     base.onauthorization(actioncontext); // should here?      var owincontext = httpcontext.current.getowincontext();     var authenticated = owincontext.authentication.user.identity.isauthenticated;     var request = system.web.httpcontext.current.request;      if (!authenticated)     {             // challenge user crednetials         if (!request.isauthenticated)         {             // user requested login.             owincontext.authentication.challenge(                 new authenticationproperties { redirecturi = "/" },                 wsfederationauthenticationdefaults.authenticationtype);         }     }     else     {         // @ point user ia authenticated.         // lets check if user authorized application.         var isauthorized = securityhelper.isuserauthorized();         if (isauthorized)         {             // authorized.             return;         }          // not authorized.         actioncontext.response = new system.net.http.httpresponsemessage(system.net.httpstatuscode.unauthorized);     } }

you try removing onauthorization , adding this:

protected override bool isauthorized(httpactioncontext actioncontext) {     var owincontext = httpcontext.current.getowincontext();     var authenticated = owincontext.authentication.user.identity.isauthenticated;      return authenticated & securityhelper.isuserauthorized();  }

i don't why you're redirecting on failed authentication, surely api should return 401?


Comments

Post a Comment

Popular posts from this blog

cakephp - simple blog with croogo -

i not problem, made simple blog in croogo, problem is not adding or modifying or delete, because arabic language ?? function add in controller `public function admin_add() { $this->set('title_for_layout', __('add part')); if (!empty($this->request->data)) { $this->part->create(); if ($this->part->save($this->request->data)) { $this->session->setflash(__('the part has been saved'), 'default', array('class' => 'success')); $this->redirect(array('action' => 'index'));//, $this->part->id)); } else { $this->session->setflash(__('the part not saved. please, try again.'), 'default', array('class' => 'error')); } } }` => model `class part extends appmodel { public $name = 'part'; var $belongst...
Read more

How to group boxplot outliers in gnuplot -

i have large set of data points. try plot them boxplot, of outliers exact same value , represented on line beside each other. found how set horizontal distance between outliers in gnuplot boxplot , doesn't much, apparently not possible. is possible group outliers together, print 1 point , print number in brackets beside indicate how many points there are? think make more readable in graph. for information, have 3 boxplots 1 x value , times 6 in 1 graph. using gnuplot 5 , played around pointsize, doesn't reduce distance anymore. hope can help! edit: set terminal pdf set output 'dat.pdf' file0 = 'dat1.dat' file1 = 'dat2.dat' file2 = 'dat3.dat' set pointsize 0.2 set notitle set xlabel 'x' set ylabel 'y' header = system('head -1 '.file0); n = words(header) set xtics ('' 1) set [i=1:n] xtics add (word(header, i) i) set style data boxplot plot file0 using (1-0.25):1:(0.2) boxplot lw 2 lc rgb '#8b0000...
Read more

bash - Performing variable substitution in a string -

i have string contains use of variable, , i'd substitute variable's value string. right best have is #!/bin/bash foo='$name; echo bar' name="the name" expanded="$(eval echo "$foo")" echo "$expanded" which has obvious defects: prints the name bar while i'd print the name; echo bar instead of eval can bash's regex matching bash's string replacement: foo='$name; echo bar' name="the name" [[ "$foo" =~ \$([[:alnum:]]+) ]] && s="${!bash_rematch[1]}" && expanded="${foo/\$${bash_rematch[1]}/$s}" echo "$expanded" name; echo bar
Read more