Base solution for your next web application
Open Closed

How extend AbpMvcAuthorizeFilter and replace it ? #1523


User avatar
0
klainer created

Hi, I want to extend base AbpMvcAuthorizeFilter (OnAuthorization method) due to custom loging level implementation. I noticed that filter is registered there: AbpWebMvcModule.cs

It is possible to replace this base filter with my own ? How can I do that in WEB module ? Thanks for your time and help!


2 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    answered here: <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/issues/1256">https://github.com/aspnetboilerplate/as ... ssues/1256</a>

  • User Avatar
    0
    klainer created

    Hi thanks! I tried to create custom Athorizate Attribute which is deriveder from AbpMvcAuthorizeAttribute and I have problem with

    HandleUnauthorizedRequest
    

    . This method is never called in this CustomAttribute. The same problem is in

    AbpAuthorizeAttribute
    

    also not called.

    My implementation:

    public class CustomMvcAuthorizeAttribute : AbpMvcAuthorizeAttribute
        {
            public ILogger Logger { get; set; }
            public string[] Permissions { get; set; }
            public bool RequireAllPermissions { get; set; }
    
            public VSDMvcAuthorizeAttribute(params string[] permissions) :base(permissions)
            {
                Logger = NullLogger.Instance;
            }
    
            protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
            {
    
                var httpContext = filterContext.HttpContext;
    
    **var message = string.Format("'{0}' unauthorize access.",  httpContext.Request.CurrentExecutionFilePath );
                Logger.Security(message); // my custom security log**
                if (!httpContext.Request.IsAjaxRequest())
                {
                    base.HandleUnauthorizedRequest(filterContext);
                    return;
                }
    
                httpContext.Response.StatusCode = httpContext.User.Identity.IsAuthenticated == false
                                          ? (int)System.Net.HttpStatusCode.Unauthorized
                                          : (int)System.Net.HttpStatusCode.Forbidden;
    
                httpContext.Response.SuppressFormsAuthenticationRedirect = true;
                httpContext.Response.End();
    
            }
    

    Thanks for help