asp.net - WebApi's OnAuthorizarion - Clarification? -



asp.net - WebApi's OnAuthorizarion - Clarification? -

looking @ custom authorizeattribute , know right method checking authorization isauthorized method :

for illustration :

protected override bool isauthorized(httpactioncontext actioncontext) { bool isauthroized = base.isauthorized(actioncontext); homecoming isauthroized && my_other_conditions; //! }

like said know that.

but let's i've decided override onauthorization :

here example code existing library:

public class customerordersauthorizeattribute : authorizeattribute { public override void onauthorization(httpactioncontext actioncontext) { base.onauthorization(actioncontext); // if not authorized @ all, don't bother checking // client - order relation if (actioncontext.response == null) { //get client key int customerkey = getcustomerkey(actioncontext.request.getroutedata()); //check customer-order relation if (!customer.name.equals(thread.currentprincipal.identity.name)) { actioncontext.response = request.createresponse(httpstatuscode.unauthorized); } } } }

question:

looking @ author's code : if (actioncontext.response == null) {...} , comment : "if not authorized @ all"

— right way checking if exception has not occurred in onauthorization method ? checking response == null ? (which means : no exception output base.onauthorization) ?

(seems unusual me , because exception can occur , still response null.....or wrong ? - lastly thing want start investigate headers codes errors...)

nb

my question targeting webapi1 not 2.x

answer here :

read badri's lastly comment in answer

custom authorization in asp.net webapi - mess?

also here http://i.stack.imgur.com/dnlyl.jpg

asp.net asp.net-web-api web-api

Comments

Post a Comment

Popular posts from this blog

c - Compilation of a code: unkown type name string -

c - Compilation of a code: unkown type name string - i have next lines of code compiler says following: "unknown type name 'string'" both in declaration , definition of function. can tell me what's wrong? thanks. #include <stdio.h> #include <stdlib.h> #include <string.h> void frecognizeclient(string *actualclient) there no string type in c. need utilize array so: char array[10]; then can pass in function: void frecognizeclient(char *actualclient); c arrays string compilation
Read more

java - Bypassing "final local variable defined in an enclosing type" -

java - Bypassing "final local variable defined in an enclosing type" - i'm writing programme , i'm getting "the final local variable asd cannot assigned, since it's defined in enclosing type". i provide illustration not code produces error aswell. have arraylist utilize later (if define within button can't utilize later on), outside of button, pressing button should give values arraylist. in illustration "create new arraylist" cause same problem. button btn = new button("asd"); final arraylist asd = new arraylist(); btn.setonaction(new eventhandler<actionevent>() { public void handle(final actionevent event) { asd = new arraylist(); //here's error.. } }); clear arraylist , add together values. java javafx
Read more

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) -

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) - hello have problem hibernate , jackson. have 2 pojos @entity @table(name = "users") public class user implements serializable { static final long serialversionuid = 4235637833262722256l; @id @generatedvalue private int id; @column(name = "creation_date") private date creationdate; @column(name = "first_name") private string firstname; @column(name = "last_name") private string lastname; @version @column(name = "version") private int version; @column(name = "e_mail") private string email; @column(name = "enabled") private boolean enabled; @column(name = "login") private string login; @column(name = "password") private string password; @jsonmanagedreference("role") @onetomany(mappedby = "user", cascade = cascadetype.all,fetch = fetchtyp...
Read more