Home/ Questions/Q 8275825
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T08:11:41+00:00

Can you explain the differences between HttpApplication.AuthenticateRequest and HttpApplication.AuthorizeRequest in ASP.NET MVC 3 please?

  • 0

Can you explain the differences between HttpApplication.AuthenticateRequest and HttpApplication.AuthorizeRequest in ASP.NET MVC 3 please? When will they occur? Assume this scenario:

My User has a property called IsBanned and I want to check his/her IsBanned property in each request. If it was true, I redirect the User to an error page. But not for all requests, just requests that their action signed by [Authorize] attribute. OK, atthis type of actions, will HttpApplication.AuthenticateRequest occur or HttpApplication.AuthorizeRequest or anything else?

I know I can check this property in SignIn|LogOn action. But I means this:

  • A user requests logging in
  • I check the property IsBanned and it was false
  • The user logged in
  • User view some pages of site
  • The admin banned the user (while he is logged in)
  • User requests a page (action) that have [Authorize] attribute
  • User is logged in (before this. remember?)
  • So I have to show the requested page
  • But the user give a banned flag by admin
  • How can I prevent user from viewing requested page?

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I dont think you need to deal with either of HttpApplication.AuthenticateRequest or HttpApplication.AuthorizeRequest. I would solve it by using a custom Authorize Attribute. 

    public class MyAuthorizeAttribute : AuthorizeAttribute {

        protected override bool AuthorizeCore(HttpContextBase httpContext) {
            bool authorizerPrimarily = base.AuthorizeCore(httpContext);

            if(authorizedPrimarily){
               return user_not_banned;
            }

            return authorizerPrimarily;
        }
}

    You can get user’s name from httpContext.User.Identity.Name. Use it to grab data from database.

    Update for comment-1

    To redirect banned users to a specific page, you may do this:

    if(authorizedPrimarily){
   if(user_banned){
      httpContext.Response.Redirect("url of banned message");
      return false;
   }

  return true;
}
    • 0