asp.net web api2 - Get AuthorizeAttribute to work roles with start and expiration date in web api 2 application ? -


i need modify user roles in web api 2 project using identity 2 adding additional properties: datetime startdate , datetime enddate. required able grant users roles limited period of time.

what need authorize attribute such [authorize(role="poweruser")] etc. understand role dates?

according source (https://github.com/asp-net-mvc/aspnetwebstack/blob/master/src/system.web.http/authorizeattribute.cs) filter calls iprincipal.isinrole:

protected virtual bool isauthorized(httpactioncontext actioncontext) {     ...       if (_rolessplit.length > 0 && !_rolessplit.any(user.isinrole))     {         return false;     }      return true; } 

looks need subclass implementation of iprincipal in httpactioncontext.controllercontext.requestcontext.principal , somehow inject somewhere in life cycle instead of default implementation.

how do this?

just create custom implementation of of authorizeattribute userauthorize , instead of using [authorize(role="poweruser")] use [userauthorize(role="poweruser")]. userauthorize implmentation this:

public class userauthorizeattribute : authorizeattribute {     /// <summary>     /// validate user request selected feature     /// </summary>     /// <param name="httpcontext"></param>     /// <returns></returns>     protected override bool authorizecore(httpcontextbase httpcontext)     {         var isauthorized = base.authorizecore(httpcontext);         if(!isauthorized) {             return false; //user not logged in         }         //your custom logic here      } 

Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -