I am currently developing some protection to protect web service calls. I decided to extend the authorize attribute and override the isAuthorized function as well as the ActionFilterAttribute OnActionExecuted. However, as I debugged the program, I noticed that if I were to add the [Authorize (Roles = "Read")] class level and [Authorize (Roles = "Admin")] in the api function inside this class, isAuthorized called 3 times in total. This may not be a very big problem, but since in my authorized I create and verify tokens in the database. It would be ideal if I could eliminate this redundant process and work with justAuthorized, called once per service call.
public class CustomuAuthorizeAttribute : AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
bool allowedAccess = true;
... logic
}
}
Override execution of OnAction. It actually only gets hits once, although theAuthorized gets hit 3 times.
public class CustomAuthorizeFilter : ActionFilterAttribute
{
public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
.. logic
}
}
Edit
I found that adding [AttributeUsage (AttributeTargets.Method | AttributeTargets.Class)] to authorizeattribute sanction resolves the issue of calling several times
source
share