Home/ Questions/Q 8290061
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T12:41:08+00:00

When implementing authorization for ASP.NET, where should I put AuthorizeAttribute implemented class? In my

  • 0

When implementing authorization for ASP.NET, where should I put AuthorizeAttribute implemented class?

In my project, I have created a class called BasicHttpAuthorizedAttribute which implements System.Web.Http.AuthorizeAttribute class and I have overridden the methods I want.

I have registered this BasicHttpAuthorizedAttribute class as a filter.

My problem is even though I do not mention the [Authorized] attribute on top of controller method, BasicHttpAuthorizedAttribute class’s OnAuthorization() method gets called.

That should not be like that, right? It should only be called if you have mentioned [Authorized] attribute on top of controller method. Am I right?

What am I doing wrong here? (My project is a ASP.Net web api project and I am using System.Web.Http.AuthorizeAttribute class)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Basically, it goes into the OnAuthorization() event each time because you’ve registered it as a filter.

    This article has a few neat tips and trips on blanket filtering and anonymous exceptions, which is, I think, what you want. It may be for MVC, but the techniques used should apply to most ASP.NET types with a little tweaking.

    http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx

    Example from article:

    [HttpPost]
[AllowAnonymous]
public ActionResult LogOn(LogOnModel model, string returnUrl)
    • 0