1
When will we create an attribute like AuthorizeAttribute
We have these 2 properties to be overwritten
What is the difference between the two? Both seem to have the same function
[Edit]
The namespace of the cited attribute is System.Web.Mvc.Authorizeattribute
2
AuthorizeCoreIt is the method that effectively makes the decision whether the user is authorized or not to access a given context. Here we check the roles, the normal rules, the special rules, and so on. The return is just a boolean.
OnAuthorizationIt is a method that performs additional actions that have to do with the verification of the authorization itself, but it is not exactly the verification of the authorization. For example, to put conditions in place to verify whether the verification of the authorisation itself should be done or not.
Unlike AuthorizeCore, does not return output (void). The difference between the two is basically in the scope of each.
1
Succinctly:
AuthorizeCore.OnAuthorization.Basically, the OnAuthorization checks if a/the action/controller has the attribute AllowAnonymousAttribute. If you have the attribute, the tool is not required. If you do not have the attribute, then call the AuthorizeCore to determine whether the request is authorised.
After running the AuthorizeCore, the OnAuthorization defines how to respond to unauthorized requests.
PS: The source code of the two methods can be found in Github.
yes it is from Asp.net mvc and not from webapi, I will update the question
Why the negative vote?
hi? I did not vote no, since your answer is correct
@The question wasn’t for you, it was for the one who cast the vote :P
Browser other questions tagged c# asp.net-mvc-5
You are not signed in. Login or sign up in order to post.
And there’s a way to capture the controller via authorizeCore’s Httpcontextbase ?
– Rod
@Rod Here’s how to get the controller, or controller name: http://stackoverflow.com/a/9022179/857807
– dcastro
@dcastro much Gambi to get the controller in this link, I will use Onauthorization even, worth :D
– Rod