I find that many things in Asp.Net are based on assumed knowledge. I for example do not know much about internet authentication and have a hard time finding anything about it on a beginner level.
One thing that is puzzling me is the AuthorizeAttribute. I understand how to use it and what it’s supposed to do but I’m wondering if it will work under situations where you have a custom login system.
In the description on the AuthorizeAttribute page it says simply
When you mark an action method with AuthorizeAttribute, access to that action method is restricted to users who are both authenticated and authorized.
So what is an authenticated user, and how do you set one user to be authenticated? If I create my own login system, how do I set it so that a logged-in user is authenticated enough for AuthorizeAttribute to allow him entry?
It checks the IsAuthorized of the IIdentity of IPrincipal.
In the Global.asax add a method to handle “AuthorizeRequest”. Then in that method do whatever you need to check the user is authorized (check a session, cookie, db etc.)
Then set the HttpContext.Current.User to a GenericPrincipal that has a user that implements the IIdentity and has its IsAuthorized set to true.
Something like this:
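What such a Global.asax handler and its login counterpart can look like, as an added example that is not part of the original answer: it hooks Application_AuthenticateRequest (the pipeline stage just before AuthorizeRequest; both run before MVC evaluates AuthorizeAttribute) and reads a FormsAuthentication-encrypted cookie rather than session state, which is not yet available at either stage. The cookie name, the 30-minute lifetime and the SignIn helper are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public class MvcApplication : HttpApplication
{
    // Cookie written by the custom login; the name is constructed for this example.
    private const string AuthCookieName = "MyAppAuth";

    // Called by the custom login action after it has verified the credentials
    // itself (own DB, LDAP, ...). Issues a signed, encrypted ticket carrying the
    // user name and role list and stores it in a cookie script cannot read.
    public static void SignIn(HttpResponseBase response, string userName, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false, string.Join(",", roles));
        var cookie = new HttpCookie(AuthCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true, // not readable by page script
            Secure = true    // only sent over HTTPS
        };
        response.Cookies.Add(cookie);
    }

    // Runs on every request before MVC evaluates AuthorizeAttribute. Session state
    // is not available yet at this stage, so the check is cookie-based.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Context.Request.Cookies[AuthCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return; // anonymous: User.Identity.IsAuthenticated stays false

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return; } // forged or corrupted cookie: treat as anonymous
        if (ticket == null || ticket.Expired)
            return;

        // GenericIdentity.IsAuthenticated is true whenever the name is non-empty;
        // that is the flag AuthorizeAttribute reads from User.Identity.
        var identity = new GenericIdentity(ticket.Name, "CustomLogin");
        string[] roles = ticket.UserData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        var principal = new GenericPrincipal(identity, roles);
        Context.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}
```

With the principal set this way, [Authorize] admits any request carrying a valid ticket and [Authorize(Roles = "admin")] additionally checks the roles stored in the ticket's UserData.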