Custom Forwarding from AuthorizationHandler (ASP.NET Core)

Question

Custom Forwarding from AuthorizationHandler (ASP.NET Core)

I use middleware for authentication that handles API requests for a third-party service. This middleware then establishes the claims that are later processed by the AuthorizationHandler in conjunction with the IAuthorizationRequirement and user policy.

The intermediate link works, and I can build the formulas:

context.User.AddIdentity(identity); // contains claims

Where I am stuck is redirected to a specific URL (there are special rules for where we need to redirect) from a handler or attribute. From the handler, I tried:

 var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext; mvcContext.Result = new RedirectToActionResult("login", "home", null);

but he is ignored; only 401 is returned. AuthorizeAttribute no longer has OnAuthorization, so I cannot use this ...

Thoughts? Thanks.

+5

authorization asp.net-core asp.net-core-mvc asp.net-core-middleware

pbz Jan 17 '17 at 21:10

source share

1 answer

Christopher J. · Answer 1 · 2017-02-16T10:44:25+0000

If the only thing you want to try in your middleware API is to execute the LogIn behavior , as your code seems to explain , these possible cases, in my opinion, make you think:

If /login/home redirected to a web page:
- You should use HttpContext.Response.Redirect to redirect to the LogIn web page. As the documentation says , this will send 301 code that any web browser can interpret. HttpContext is available in the Invoke method.
If /login/home redirected to a controller that runs logic that checks the user ID:
- Instead, you can verify your user’s identity within an intermediate layer, rather than on a separate route. Like the great Nate Barbettini .

See also the Nate post and this question .

Custom Forwarding from AuthorizationHandler (ASP.NET Core)

More articles: