4

I am trying to create a MVC Custom Authentication Attribute.

I have this method as follows: 

[DealerContextRequired]
[CustomerContextRequiredAttribute("Invoice", "InvoiceNumber", invoiceNumber)]
public ActionResult InvoiceModal(string invoiceNumber)
{
    if (!Request.IsAjaxRequest())
       return RedirectToAction("InvoiceModal", "Orders", new { area = "my_account", headerNumber = invoiceNumber });

    InvoiceHeader invoice = _invoiceReader.Get(invoiceNumber, false);

    if (_dealerContext.CurrentFranchisee != null)
    {
       var order = _orderReader.GetByInvoiceNumber(invoice.InvoiceNumber).FirstOrDefault();
       if (order == null)
             return HttpNotFound();

       if (order.Franchisee == null || _dealerContext.CurrentFranchisee.Key != order.Franchisee.Key)
            return new HttpUnauthorizedResult();
    }

    return PartialView("InvoiceModal", invoice);
}

Below is the attribute I have created so far, I am struggling to pass the values form the controller attribute to the attribute, please see the attribute class below:

public class CustomerContextRequiredAttribute : System.Web.Mvc.AuthorizeAttribute
{
    public object Entity { get; set; }

    public string Key { get; set; }

    public int Value { get; set; }
    public CustomerContextRequiredAttribute(object entity, string key, int value)
    {
        this.Entity = entity;
        this.Key = key;
        this.Value = value;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        var customerContext = DependencyResolver.Current.GetService<CustomerContext>();
        var _customerReader = DependencyResolver.Current.GetService<ICustomerReader>();

        var entity = this.Entity;
        var key = this.Key;
        var value = this.Value;

        // some logic required for the attribute I am creating based on the above three values..

    }
}

This will be required on multiple actions so how do I get the required data / fields on the custom attribute?

Improve this question
2
  • Attribute parameters value in controller is not available in OnAuthorization method in CustomerContextRequiredAttribute class? Commented Sep 3, 2018 at 17:22
  • IMHO, I'm not sure this should be implemented as an "Authorization Filter". It seems you just want to ensure that Invoice exists, rather than checking if the request is authorized (who not what)? Commented Sep 3, 2018 at 17:45

1 Answer 1

Reset to default
1

This looks like it should work. Passing the values to the constructor like this is acceptable.

You could try removing them from the constructor and doing the following:

[CustomerContextRequiredAttribute(Entity = "Invoice", Key = "InvoiceNumber", Value = invoiceNumber)]
public ActionResult InvoiceModal(string invoiceNumber)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.