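/// <summary>
/// Action-level attribute that runs resource-based authorization before the action executes.
/// It creates an instance of the given requirement type and asks <see cref="IAuthorizationService"/>
/// whether the current user satisfies it for the action's first bound argument.
/// </summary>
/// <remarks>
/// NOTE(review): the resource passed to the authorization handler is whatever model binding produced
/// for the action argument. If that argument is bound from the request instead of being loaded from
/// the data store, the handler evaluates client-supplied values; confirm the handler only relies on
/// fields the client cannot control (or loads the stored entity itself).
/// </remarks>
public class AuthorizeResourceAttribute : TypeFilterAttribute
{
    /// <summary>
    /// Creates the attribute for a specific authorization requirement.
    /// </summary>
    /// <param name="requirementType">
    /// A concrete type implementing <see cref="IAuthorizationRequirement"/>. It is instantiated with
    /// <see cref="Activator.CreateInstance(Type)"/> on every request, so it needs a public
    /// parameterless constructor.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="requirementType"/> is null.</exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="requirementType"/> is abstract or does not implement <see cref="IAuthorizationRequirement"/>.
    /// </exception>
    public AuthorizeResourceAttribute(Type requirementType)
        : base(typeof(AuthorizeResourceFilter))
    {
        // Reject a misconfigured attribute when it is constructed instead of on the first request:
        // a type that is not a requirement would otherwise reach AuthorizeAsync as a null requirement.
        if (requirementType == null)
        {
            throw new ArgumentNullException(nameof(requirementType));
        }

        if (requirementType.IsAbstract || !typeof(IAuthorizationRequirement).IsAssignableFrom(requirementType))
        {
            throw new ArgumentException(
                "The requirement type must be a concrete type implementing IAuthorizationRequirement.",
                nameof(requirementType));
        }

        // Passed to the filter's constructor alongside the services resolved from DI.
        Arguments = new object[] { requirementType };
    }

    /// <summary>
    /// The filter that performs the check. Its constructor receives the authorization service from DI
    /// and the requirement type from <see cref="TypeFilterAttribute.Arguments"/>.
    /// </summary>
    private class AuthorizeResourceFilter : IAsyncActionFilter
    {
        private readonly IAuthorizationService _authorizationService;
        private readonly Type _requirementType;

        // The original constructor also took an ApplicationDbContext that was never used; it is dropped
        // so the filter does not force a database context to be resolved for every request.
        public AuthorizeResourceFilter(IAuthorizationService authorizationService, Type requirementType)
        {
            _authorizationService = authorizationService;
            _requirementType = requirementType;
        }

        /// <summary>
        /// Authorizes the current user against the first action argument and short-circuits with a
        /// <see cref="ForbidResult"/> when the check fails; otherwise continues the pipeline.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The action has no bound arguments, or the requirement type could not be instantiated as an
        /// <see cref="IAuthorizationRequirement"/>.
        /// </exception>
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            // Without any argument there is no resource to authorize. Fail with an explicit message
            // (the action is not executed) rather than the opaque "Sequence contains no elements".
            if (context.ActionArguments.Count == 0)
            {
                throw new InvalidOperationException(
                    "AuthorizeResourceAttribute requires the action to have at least one bound argument to use as the resource.");
            }

            // NOTE(review): ActionArguments is a dictionary, so "first" is its enumeration order, not
            // necessarily the first declared parameter. Keep the protected resource as the only (or
            // clearly first-bound) argument of the action, and verify this on multi-parameter actions.
            var resource = context.ActionArguments.First().Value;

            if (!(Activator.CreateInstance(_requirementType) is IAuthorizationRequirement requirement))
            {
                throw new InvalidOperationException(
                    "The configured requirement type could not be instantiated as an IAuthorizationRequirement.");
            }

            var authorizationResult = await _authorizationService.AuthorizeAsync(context.HttpContext.User, resource, requirement);
            if (!authorizationResult.Succeeded)
            {
                // Deny and stop: `next` is never invoked, so the action body does not run.
                context.Result = new ForbidResult();
                return;
            }

            await next();
        }
    }
}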