Question

I use a custom AuthorizationFilter like the following:

public class ActionAuthorizeAttribute : AuthorizeAttribute {

    protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) {

        if(!httpContext.User.Identity.IsAuthenticated)
            return false;

        if(IsUserExcluded())
            return false;
        else
            return IsRoleAuthorize(httpContext);
    }
}

I use this filter at the top of each action I have, and to check whether the user is authorized I need the action name, controller name, and area name. So is there any way to get these names in the AuthorizeCore() method, for example by using System.Web.HttpContextBase? If the answer is no, then how can I get these names and pass them to the attribute? Obviously I don't want to add each name by hand; I want something like ViewContext.RouteData.Values["Controller"] in controllers:

[ActionAuthorize(actionName=Action, controller=ControllerName, area=AreaName)]
public ActionResult Index() {
    return View();
}

Does anyone have any idea about it?


Solution

You could fetch them from the RouteData:

protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
    var rd = httpContext.Request.RequestContext.RouteData;
    string currentAction = rd.GetRequiredString("action");
    string currentController = rd.GetRequiredString("controller");
    string currentArea = rd.Values["area"] as string;

    ...

}

OTHER TIPS

Faced the same issue just a moment ago and my solution is:

  1. Define 2 attributes in your ActionAuthorizeAttribute class e.g.

    public string ControllerName {get;set;}
    public string ActionName {get;set;}
    
  2. While annotating your action of the controller specify them e.g.

    [ActionAuthorize(Roles="Admin", ControllerName="ControllerName", ActionName="ActionName")]
    public ActionResult Disable(int id)
    {
     ...
    }
    

Getting the area will not work if you are in a custom filter. The following will work to get the area:

filterContext.RouteData.DataTokens["area"]

> using System.Web;
> using System.Web.Mvc;
> using System.Web.Security;
>
> namespace dene.kontroller {
>     public class daAttribute : AuthorizeAttribute
>     {
>         private Entities db = new Entities();
>         private readonly string[] allowedroles;
>
>         public daAttribute(params string[] roles)
>         {
>             this.allowedroles = roles;
>         }
>
>         // Authorizes when one of the allowed entries equals the current user's name.
>         protected override bool AuthorizeCore(HttpContextBase httpContext)
>         {
>             bool authorize = false;
>             foreach (var role in allowedroles)
>             {
>                 if (role == HttpContext.Current.User.Identity.Name)
>                 {
>                     if (role != null)
>                     {
>                         authorize = true;
>                     }
>                 }
>             }
>             return authorize;
>         }
>
>         // Signs the user out and returns HTTP 401 when authorization fails.
>         protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
>         {
>             FormsAuthentication.SignOut();
>             filterContext.Result = new HttpUnauthorizedResult();
>         }
>     }
> }

If getting the area did not work, you can fetch the area from the RouteData in this way:

 string currentArea = string.Empty;
 if (rd.DataTokens.TryGetValue("area", out object area))
 {
     currentArea = area.ToString();
 }
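
A deny-by-default version of the RouteData lookup from the accepted solution, combined with the DataTokens area lookup from the later answers, as an added example that is not code from any of the posts above. The PermissionMap table and its entries are hypothetical, constructed only for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;

public class ActionAuthorizeAttribute : AuthorizeAttribute
{
    // Constructed sample policy (hypothetical): "area/controller/action" -> allowed roles.
    // Keys compare case-insensitively because MVC matches route values
    // case-insensitively; an ordinal lookup would miss /home/INDEX.
    private static readonly Dictionary<string, string[]> PermissionMap =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "/Home/Index",         new[] { "User", "Admin" } },
            { "Admin/Users/Disable", new[] { "Admin" } },
        };

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        if (!httpContext.User.Identity.IsAuthenticated)
            return false;

        var rd = httpContext.Request.RequestContext.RouteData;
        string action = rd.GetRequiredString("action");
        string controller = rd.GetRequiredString("controller");

        // Area registrations put the area name in DataTokens; fall back to
        // Values for routes that carry {area} as a URL segment.
        object areaToken;
        if (!rd.DataTokens.TryGetValue("area", out areaToken) || areaToken == null)
            rd.Values.TryGetValue("area", out areaToken);
        string area = areaToken as string ?? string.Empty;

        // No policy entry for this action means the request is refused.
        string[] roles;
        if (!PermissionMap.TryGetValue(area + "/" + controller + "/" + action, out roles))
            return false;

        foreach (var role in roles)
            if (httpContext.User.IsInRole(role))
                return true;
        return false;
    }
}
```

With this in place the attribute is applied as a bare `[ActionAuthorize]`, and an action that was never added to the table is refused rather than silently allowed.
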
Licensed under: CC-BY-SA with attribution