How to call controller method in global.asax? - c#

I want to call controller method in Global.asax. Code is given below.
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
{
//here we can subscribe user to a role via Roles.AddUserToRole()
}
}
This event is in global.asax. I want to call controller method which return user permissions from database. How this is possible to call controller method here after that I will save user permissions in session and my controller constructor? Code is given below.
public class AccountController : Controller
{
private readonly ISecurityService securityService;
public AccountController(ISecurityService securityService)
{
this.securityService = securityService;
}
}
Please guide me.

You could handle this using a custom AuthorizeAttribute. This allows you to place an attribute on the top of any controllers / methods which you require authentication to be successful in order to call. This lets you override AuthorizeCore which you can then use to do any custom authorization you want to perform. You can also save any other information to session from this method.
For example:
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
// do your own athorization stuff here
}
}
Then you can decorate you controllers that require the use of this authorization either with your attribute:
[CustomAuthorize]
public class AccountController : Controller
{
}
Or using a base controller:
[CustomAuthorize]
public class BaseAuthController : Controller
{
}
public class AccountController : BaseAuthController
{
}

i Resolve this issue by my self i call service method in global.asax by resolving dependency issue below is the solution of the above problem.
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
{
IUnityContainer container = GetUnityContainer();
ISecurityService securityService = container.Resolve<SecurityService>();
var list = securityService.GetUserRolesandPermissions("1");
}
}
Thank you every one.

Related

OnActionExecuting Not Getting Executed

I am troubleshooting a ASP.NET MVC application and on one server the OnActionExecuting is not firing. It has been a long time since I looked at filters. What can keep the OnActionExecuting from running? The effect in our application is the user context never really gets set up (Initialize)... so everything redirects the user back to the login page.
Here is the code of the filter. Note "Jupiter" was the codename of the project
public class JupiterAuthenticationFilter : IActionFilter
{
private readonly IJupiterContext _jupiterContext;
public JupiterAuthenticationFilter(IJupiterContext jupiterContext)
{
if (jupiterContext == null)
{
throw new ArgumentNullException("jupiterContext");
}
_jupiterContext = jupiterContext;
}
public void OnActionExecuting(ActionExecutingContext filterContext)
{
_jupiterContext.Initialize();
}
public void OnActionExecuted(ActionExecutedContext filterContext)
{
}
}
It can happen when your Controller has System.Web.MVC implementation, but ActionFilter has System.Web.Http.

base method is not fired in mvc 5

I have the following base controller
public class BaseController : Controller
{
protected override void Execute(RequestContext requestContext)
{
base.Execute(requestContext);
}
}
Implementation is
public class HomeController : BaseController { }
we upgraded from mvc3 to mvc5 , in mvc5 this method is not getting called what needs to be done here ?
It's not entirely clear what your after but here's a few questions. Are your normal controllers inheriting your BaseController?
public class MyController : BaseController
I don't see what this line is meant to do....
var global = requestContext.HttpContext.Request.QueryString["global"] == null ? true : false;
You set the value then don't do anything with it. Are you meaning to store this value in the base controller so that you can access it from all your other controllers?
And surely if global is missing from the querystring then it should be false and not true.
public class BaseController : Controller
{
public bool isGlobal { get; private set; }
protected override void Execute(RequestContext requestContext)
{
this.isGlobal = requestContext.HttpContext.Request.QueryString["global"] == null ? false : true;
base.Execute(requestContext);
}
}
The title of this question led me here, but it's not really the same problem I was experiencing (i.e. the overridden Execute method in a base controller class not being called in an MVC 4/5 web site).
If that is the problem you are having too, this is the solution I found. It appears the way in which these methods are called has changed with the introduction of Async support. Instead of overriding the Execute method you should override the OnActionExecuted method instead.
protected override void OnActionExecuted(ActionExecutedContext filterContext)
{
}

Custom authorization attribute not working in WebAPI

public class CustomAuthorizeAttribute : AuthorizationFilterAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
return true;// if my current user is authorised
}
}
Above is my CustomAuthorizeAttribute Class
and
[CustomAuthorize] // both [CustomAuthorize] and [CustomAuthorizeAttribute ] I tried
public class ProfileController : ApiController
{
//My Code..
}
When I'm calling
http://localhost:1142/api/Profile
It is not firing CustomAuthorizeAttribute
More over My FilterConfig class is look like below
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new CustomAuthorizeAttribute());
}
}
Please help if I miss something.
Looks like you are using an MVC filter instead of a Web API filter. It can be detected in the sample because it uses HttpContextBase. Instead use the filter from the System.Web.Http.Filters namespace.
You need to override OnAuthorization or OnAuthorizationAsync on the Web API filter.
You don't need to register a global filter and decorate your controller with it. Registering it will make it run for all controllers.
Web API filter code:
https://github.com/aspnetwebstack/aspnetwebstack/blob/master/src/System.Web.Http/Filters/AuthorizationFilterAttribute.cs
YOur custom attribute should inherit from System.Web.Http.Filters.AuthorizationFilterAttribute
and it should look like this
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
public class CustomAuthorizeAttribute : System.Web.Http.Filters.AuthorizationFilterAttribute
{
public override bool AllowMultiple
{
get { return false; }
}
public override void OnAuthorization(HttpActionContext actionContext)
{
//Perform your logic here
base.OnAuthorization(actionContext);
}
}
Try with this.
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
{
return true;
}
}
To add onto the other answers that have you inherit from System.Web.Http.Filters.AuthorizationFilterAttribute, I put this into my OnAuthorization method to make sure the user was logged in:
if (!actionContext.RequestContext.Principal.Identity.IsAuthenticated)
{
// or whatever sort you want to do to end the execution of the request
throw new HttpException(403, "Forbidden");
}

Using Decorator Pattern with an ASP.NET (non-MVC) page

I've only recently started to develop in ASP.NET, though I've been using C# for several years now. My first approach to ASP.NET was using MVC 4, but now I find myself working on a project that uses plain ASP.NET pages. I'm at a loss as to how the general framework works.
Specifically, I have no idea how to implement the Decorator Pattern in an ASP.NET page. I have a Product.aspx page and I have to add a feature to it. I thought that Decorator Pattern would be best based on the task requirements, and I immediately figured out how I would use it in MVC, since the actual logic that is executed lies in the Controller Action: there I would instantiate my decorator object.
But I have no idea how to do it in ASP.NET. As far as I can see, when the browser requests Product.aspx "something" creates an object of class Product (derived from Page), and then it's too late to decorate it.
Is it therefore possible to decorate a whole ASP.NET page (not just an object used by the code behind)? How would I do that?
I am not exactly sure what you wanna decorate, but;
You can create an HttpHandler that lets you do your work on a particular request as follows
public class MyHttpHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
if (context.Request.RawUrl.Contains("product.aspx"))
{
// may be you can execute your decorate business here
}
}
public bool IsReusable { get { return false; } }
}
Or may be you can use Global.asax 's OnBeginRequest event like as follows
public class Global : HttpApplication
{
void Application_Start(object sender, EventArgs e)
{
// Code that runs on application startup
BundleConfig.RegisterBundles(BundleTable.Bundles);
AuthConfig.RegisterOpenAuth();
RouteConfig.RegisterRoutes(RouteTable.Routes);
base.BeginRequest += OnBeginRequest;
}
private void OnBeginRequest(object sender, EventArgs e)
{
if (Request.RawUrl.Contains("product.aspx"))
{
//execute your business here..
}
}
First of all, according to your comment below the question, I can say that you should implement your showcase as a web user control (ascx)
You can decorate your ShowCase as follows,
public partial class ShowCase : System.Web.UI.UserControl, IShowCase
{
protected void Page_Load(object sender, EventArgs e){}
public void ApplyConfiguration(IConfiguration configuration)
{
throw new NotImplementedException();
}
}
public interface IShowCase
{
void ApplyConfiguration(IConfiguration configuration);
}
public abstract class Decorator : IShowCase
{
protected IShowCase ShowCase;
protected Decorator(IShowCase showcase)
{
ShowCase = showcase;
}
public virtual void ApplyConfiguration(IConfiguration configuration)
{
ShowCase.ApplyConfiguration(configuration);
}
}
public class ShowCaseDecoratorA : Decorator
{
public ShowCaseDecoratorA(IShowCase showcase) : base(showcase){ }
public override void ApplyConfiguration(IConfiguration configuration)
{
base.ApplyConfiguration(configuration);
//depending on the configuration, do something..
ShowCase.Visible = false;
}
}
public interface IConfiguration
{
//configuration
}
Then, from inside the page that uses ShowCase user control, you do something like this,
public partial class _Default : Page
{
protected void Page_Load(object sender, EventArgs e)
{
IConfiguration configuration = ConfigurationFactory.Get();
new ShowCaseDecoratorA(this.ShowCase).ApplyConfiguration(configuration);
}
}
I hope this gives you some inspiration..

How to allow [Authorize] inside a custom AuthorizeAttribute

I have a custom AuthorizeAttribute like this
public class DevMode : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
if (myConditionToAuthorize)
{
// how to allow [Authorize] ?
}
}
}
The problem is that it is used along with [Authorize] tag like this:
[Authorize, DevMode]
public class UserController : ApiController { ... }
I need to allow [Authorize] == true inside [DevMode]
Or it is better to put them all together inside a unique authorize class? But then I dont know tho to check Authorize data.
Or it is better to put them all together inside a unique authorize class?
Oh yes, that would indeed be better. You could simply derive from the AuthorizeAttribute and call the base method:
public class DevModeAttribute : AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var authorize = base.IsAuthorized(actionContext);
if (!authorized)
{
// the user is not authorized, no need to go any further
return false;
}
// now apply your custom authorization logic here and return true or false
...
}
}
and then:
[DevMode]
public class UserController : ApiController { ... }
I used this to add a custom IsAdmin (based on claims) using this method
public class IsAdminAttribute : AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
IPrincipal principal = actionContext.RequestContext.Principal;
return principal.IsAdmin();
}
}
it kind of answers my own last comment so hope it helps someone else please note the .IsAdmin is an extension method on the IPrincipal that checks claims.

Categories