Get ActionName, ControllerName and AreaName and pass it in ActionFilter Attribute

Asked 2/4, 2012 at 12:31 Answered 5/10, 2020 at 9:6

Solved asp.net-mvc asp.net-mvc-3 authorization action-filter authorize-attribute

I use a custom AuthorizationFilter like the followings:

public class ActionAuthorizeAttribute : AuthorizeAttribute {

protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) {

        if(!httpContext.User.Identity.IsAuthenticated)
            return false;

        if(IsUserExcluded())
            return false;
        else
            return IsRoleAuthorize(httpContext);
    }
}

I use this filter at the top of each action I have, and for check Is Authorized, need Action Name, Controller Name, And Area Name. So is there any way to get this names in AuthorizeCore() method like use System.Web.HttpContextBase? if answer is No then how can I get this names and pass it to attribute, obviously I don't want to add each name by hand, actually something likeViewContext.RouteData.Values["Controller"] in controllers:

[ActionAuthorize(actionName=Action, controller=ControllerName, area=AreaName)]
public ActionResult Index() {
    return View();
}

Does any one have any idea about it?

Reisinger answered 2/4, 2012 at 12:31 Comment(0)

You could fetch them from the RouteData:

protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
    var rd = httpContext.Request.RequestContext.RouteData;
    string currentAction = rd.GetRequiredString("action");
    string currentController = rd.GetRequiredString("controller");
    string currentArea = rd.Values["area"] as string;

    ...

}

Napoli answered 2/4, 2012 at 12:48 Comment(5)

"You could fetch them from the RouteData" Isn't a good answer. Now it was edited, I'll revert. – Diffractive 2/4, 2012 at 12:52

This could be just in ASP.NET MVC 4, but the area is found in rd.DataTokens["area"]. – Arenicolous 11/2, 2013 at 8:56

You should change the line var rd = httpContext.Request.RequestContext.RouteData; to var rd = HttpContext.Current.Request.RequestContext.RouteData; better to use the standard one than a parameter :) – Abiosis 13/3, 2014 at 14:40

@AndersM., I would rather not do that. That would render my code extremely unit-test unfriendly. I always prefer working with abstractions. Can't remember when I last used HttpContext.Current in my career. – Napoli 17/3, 2014 at 8:14

The area name will not be contained in the Values RouteValueDictionary. Rather, it will be contained in the DataTokens property, so to get the area you would want rd.DataTokens["area"] as string – Lemuel 4/6, 2014 at 19:16

Face the same issue just a moment ago and my solution is:

Define 2 attributes in your ActionAuthorizeAttribute class e.g.

public string ControllerName {get;set;}
public string ActionName {get;set;}

While annotating your action of the controller specify them e.g.

[ActionAuthorize(Roles="Admin", ContollerName="ControllerName",ActionName="ActionName")]**
public ActionResult Disable(int id)
{
 ...
}

Borgerhout answered 18/8, 2014 at 7:27 Comment(0)

Getting the area will not work if you are on a custom filter the next will work to get an area

filterContext.RouteData.DataTokens["area"]

Bissonnette answered 22/8, 2017 at 2:23 Comment(0)

> namespace dene.kontroller {
>     public class daAttribute: AuthorizeAttribute
>     {
>         private Entities db = new Entities();
>         private readonly string[] allowedroles;
>         public daAttribute(params string[] roles)
>         {
>             this.allowedroles = roles;
>         }
> 
> 
>         protected override bool AuthorizeCore(HttpContextBase httpContext)
>         {
>             bool authorize = false;
>             foreach (var role in allowedroles)
>             {
>                 if (role == HttpContext.Current.User.Identity.Name)
>                 {
>                      
>                     if (role!= null)
>                     {
>                         authorize = true;
>                     }
>                 }
>                 
> 
>             }
>             return authorize;
>         }
> 
> 
>         protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
>         {
> 
>             FormsAuthentication.SignOut();
>             filterContext.Result = new HttpUnauthorizedResult();
>         }
> 
>     } }

Giglio answered 18/8, 2019 at 10:1 Comment(0)

If getting the area did not work, you can fetch are from the RouteData in this way:

 string currentArea = string.Empty;
 if (rd.DataTokens.TryGetValue("area", out object area))
 {
     currentArea = area.ToString();
 }

Muscatel answered 5/10, 2020 at 9:6 Comment(0)

Recommended topics

Hot tags