Home/ Questions/Q 7129659
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T11:15:58+00:00

Here is my filter attribute: public class RoleAttribute : ActionFilterAttribute { public string Roles

  • 0

Here is my filter attribute:

public class RoleAttribute : ActionFilterAttribute
{
    public string Roles { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            EfUsuarioRepository usuarioRepository = new EfUsuarioRepository();
            var loggedInUser = usuarioRepository.BuscarCuentaPorCorreo(filterContext.HttpContext.User.Identity.Name);
            string[] userRoles = usuarioRepository.GetRolesForUser(loggedInUser.UsuarioId);

            foreach (string definedRole in this.Roles.Split(','))
            {
                foreach (string role in userRoles)
                {
                    if (definedRole.Equals(role))
                        return;
                }
            }

            throw new SecurityException("Access not granted!");    
        }
        else
        {
            throw new SecurityException("Access not granted!");    
        }
    }
}

Now my question is what is the preferred way to redirect to an unauthorized page? Do I inject myself into the HttpContext and perform a redirect? What is a proven pattern for this? I just want an “Unauthorized” page as a catch all.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Instead of inheriting from ActionFilterAttribute you should inherit from AuthorizeAttribute.

    This question has code that looks similar to what you’re trying to do and the return type is a boolean of true or false.

    • 0