3

Closed

Custom Authorize attribute hides nodes

description

Hello,

I have current custom Authorize attribute:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class SiteAuthorizeAttribute : AuthorizeAttribute
{
    private Type userInRole;

    public SiteAuthorizeAttribute (Type userInRole)
    {
        if (userInRole == null) throw new ArgumentNullException("userInRole");
        this.userInRole = userInRole;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) { throw new ArgumentNullException("filterContext"); }

        base.OnAuthorization(filterContext);

        if (!filterContext.HttpContext.User.Identity.IsAuthenticated) return;

        var session = DependencyResolver.Current.GetService<ISession>();
        var dbContext = DependencyResolver.Current.GetService<IDbContext>();
        dbContext.BeginTransaction();
        var user = session.Get<User>(Convert.ToInt64(filterContext.HttpContext.User.Identity.Name));

        if (user.GetType() == this.userInRole) return;

        filterContext.RequestContext.HttpContext.Response.StatusCode = (int) HttpStatusCode.Forbidden;
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
                    {
                            { "controller", "Error" },
                            { "action", "Forbidden403" },
                            { "area", "" }
                    });
        dbContext.CommitTransaction();
        return;
    }
}
When I implement this attribute to some Action method or Controller - I can't see this Action in my Menu or Breadcrumbs. What is problem?
Closed Nov 22, 2011 at 6:34 AM by maartenba

comments

tnero wrote Oct 27, 2011 at 9:11 PM

Hi,

It seems the SiteMapProvider only works with custom authorization attributes that inherit AuthorizationAttribute and implement AuthorizeCore. The internals of the SiteMapProvider always do a check against AuthorizeCore not OnAuthorization.

With that said, I have done some testing and can't get things working whether or not I implement AuthorizeCore. I even hardcoded to return true always and my menu items still don't show up. Something is wrong.

Here's the source code:
http://www.java2s.com/Open-Source/ASP.NET/MVC/mvcsitemap/Main/src/MvcSiteMapProvider/MvcSiteMapProvider/AuthorizeAttributeAclModule.cs.htm

See the line where it says: if (!subclassedAttribute.IsAuthorized(controllerContext.HttpContext))

angelusua wrote Oct 31, 2011 at 9:52 AM

I resolve this issue with creating another ActionFilter attribute (RequiredRoleAttribute) for checking my custom roles, and use standart Authorize attribute in conjunction with new RequiredRole attribute. And all working fine now. Of course I need manualy manage visibility nodes in my Menu for different roles, but this acceptable for now. Thanks for help

dsle wrote May 3, 2012 at 6:18 AM

Is there any solution or a plan to fix for this issue?