Question

I am trying to confine users who are authenticated but not active to their profile page (a specific controller/action). By "active" I mean that the authorization process needs to check the database to see whether the account is active (just a column holding a boolean).

This is what I have tried; however, it ends up in a loop.

The idea is: if authenticated and active, show the controller/action; if not authenticated, show the login page (forms auth); if authenticated but not active, show the profile page.

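public class CustomAuthorize : AuthorizeAttribute
{
    // Destination for authenticated accounts whose IsActive flag is false. The current
    // request is compared against it before redirecting, so decorating the SADiet controller
    // itself with this attribute cannot bounce NewCustomer back to NewCustomer forever.
    private const string InactiveController = "SADiet";
    private const string InactiveAction = "NewCustomer";

    /// <summary>
    /// Authorizes the request in two steps: the base <see cref="AuthorizeAttribute"/> rejects
    /// anonymous callers (its 401 result is what forms authentication turns into the login
    /// page), then the caller's account is looked up by e-mail and, when it is not active,
    /// the request is redirected to SADiet/NewCustomer.
    /// </summary>
    /// <param name="filterContext">The MVC authorization context of the current request.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Authentication first. Setting a Login redirect before calling the base class was
        // pointless: the base overwrites Result with an HttpUnauthorizedResult for anonymous
        // callers anyway, so a manual redirect only duplicated forms authentication.
        base.OnAuthorization(filterContext);
        if (filterContext.Result != null)
        {
            return;
        }

        string user = filterContext.HttpContext.User.Identity.Name;

        // Built per request rather than once in a constructor: ASP.NET MVC caches filter
        // attribute instances per action, so a repository created in the constructor (and the
        // SADietEntities context behind it) would be shared for the application's lifetime.
        // NOTE(review): dispose it here if ISADietRepository is IDisposable — not visible from this file.
        ISADietRepository repository = new SADietRepository(new SADietEntities());
        var result = repository.GetVetClinicByEmail(user);

        // An authenticated principal with no matching record cannot be confirmed active.
        // Fail closed (401, handled like any other unauthorized request) instead of throwing
        // a NullReferenceException on result.IsActive.
        if (result == null)
        {
            HandleUnauthorizedRequest(filterContext);
            return;
        }

        if (result.IsActive)
        {
            return;
        }

        // Already on the inactive-account page: let it execute instead of redirecting to itself.
        if (IsInactiveAccountPage(filterContext))
        {
            return;
        }

        filterContext.Result = new RedirectToRouteResult(
            new System.Web.Routing.RouteValueDictionary
            {
                { "Controller", InactiveController },
                { "Action", InactiveAction },
            });
    }

    // True when the request already targets SADiet/NewCustomer. Route matching in MVC is
    // case-insensitive, hence OrdinalIgnoreCase.
    private static bool IsInactiveAccountPage(AuthorizationContext filterContext)
    {
        var action = filterContext.ActionDescriptor;
        return string.Equals(action.ActionName, InactiveAction, System.StringComparison.OrdinalIgnoreCase)
            && string.Equals(action.ControllerDescriptor.ControllerName, InactiveController, System.StringComparison.OrdinalIgnoreCase);
    }
}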

Guys, I just tried the code below. It works as long as the user is authenticated. If the user is not authenticated, it no longer asks for authentication; it just runs the action with no user logged in.

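public class CustomAuthorize : ActionFilterAttribute
{
    // Where an authenticated account whose IsActive flag is false is sent instead of the
    // action it asked for.
    private const string ProfileController = "MyAccount";
    private const string ProfileAction = "Profile";

    /// <summary>
    /// Keeps authenticated users whose account is not active (IsActive false in the database)
    /// away from the decorated actions by redirecting them to MyAccount/Profile.
    /// This filter does not authenticate anyone: action filters run after authorization, so
    /// it must be combined with <c>[Authorize]</c>, otherwise anonymous requests pass straight
    /// through to the action.
    /// </summary>
    /// <param name="filterContext">The MVC context of the action about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Skip the lookup when the request already targets the profile page, so an inactive
        // user is never redirected to the very action they are requesting.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated && !IsProfileRequest(filterContext))
        {
            string user = filterContext.HttpContext.User.Identity.Name;

            // Built per request rather than once in a constructor: ASP.NET MVC caches filter
            // attribute instances per action, so a repository created in the constructor (and
            // the SADietEntities context behind it) would be shared for the application's lifetime.
            // NOTE(review): dispose it here if ISADietRepository is IDisposable — not visible from this file.
            ISADietRepository repository = new SADietRepository(new SADietEntities());
            var result = repository.GetVetClinicByEmail(user);

            // No matching record (result == null) cannot be confirmed active: treat it like an
            // inactive account instead of throwing a NullReferenceException on result.IsActive.
            if (result == null || !result.IsActive)
            {
                filterContext.Result = new RedirectToRouteResult(
                    new System.Web.Routing.RouteValueDictionary
                    {
                        { "Controller", ProfileController },
                        { "Action", ProfileAction },
                    });
            }
        }

        base.OnActionExecuting(filterContext);
    }

    // True when the request already targets MyAccount/Profile. Route matching in MVC is
    // case-insensitive, hence OrdinalIgnoreCase.
    private static bool IsProfileRequest(ActionExecutingContext filterContext)
    {
        var action = filterContext.ActionDescriptor;
        return string.Equals(action.ActionName, ProfileAction, System.StringComparison.OrdinalIgnoreCase)
            && string.Equals(action.ControllerDescriptor.ControllerName, ProfileController, System.StringComparison.OrdinalIgnoreCase);
    }
}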

Solution

I have found the problem. My second snippet is correct. The problem was that, when decorating the controller, I replaced the existing attribute with the new one instead of adding the new one alongside it. I was doing this:

[CustomAuthorize]
    public class SADietController : Controller

instead of this:

[CustomAuthorize, Authorize]
    public class SADietController : Controller

all sorted!

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow