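/// <summary>
/// Filter attribute that runs a resource-based authorization check before the decorated action
/// executes. The requirement to evaluate is given as a type and instantiated per request.
/// </summary>
/// <remarks>
/// The resource passed to the authorization handlers is the first bound action argument, i.e. an
/// object that model binding built from request data. Handlers should therefore not trust
/// ownership or tenant fields carried by that object; where the decision depends on stored state,
/// look the persisted entity up by its identifier inside the handler and decide on that.
/// </remarks>
public class AuthorizeResourceAttribute : TypeFilterAttribute
{
    /// <summary>
    /// Creates the attribute for the given requirement type.
    /// </summary>
    /// <param name="requirementType">
    /// A concrete type implementing <see cref="IAuthorizationRequirement"/>; it is created with
    /// <see cref="Activator.CreateInstance(Type)"/>, so it needs a public parameterless constructor.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="requirementType"/> is null.</exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="requirementType"/> does not implement <see cref="IAuthorizationRequirement"/>.
    /// </exception>
    public AuthorizeResourceAttribute(Type requirementType)
        : base(typeof(AuthorizeResourceFilter))
    {
        if (requirementType == null)
        {
            throw new ArgumentNullException(nameof(requirementType));
        }

        // Reject a wrong type where the attribute is declared instead of letting an `as` cast
        // turn it into a null requirement on every request.
        if (!typeof(IAuthorizationRequirement).IsAssignableFrom(requirementType))
        {
            throw new ArgumentException(
                "Type must implement IAuthorizationRequirement.",
                nameof(requirementType));
        }

        Arguments = new object[] { requirementType };
    }

    /// <summary>
    /// The filter created by the attribute; short-circuits the action with a
    /// <see cref="ForbidResult"/> unless the authorization service reports success.
    /// </summary>
    private class AuthorizeResourceFilter : IAsyncActionFilter
    {
        private readonly IAuthorizationService _authorizationService;
        private readonly Type _requirementType;

        // The filter never queries the database itself, so it asks the container only for the
        // authorization service; requirementType is supplied through the attribute's Arguments.
        public AuthorizeResourceFilter(IAuthorizationService authorizationService, Type requirementType)
        {
            _authorizationService = authorizationService;
            _requirementType = requirementType;
        }

        /// <summary>
        /// Authorizes the current user against the first bound action argument and only then
        /// invokes the rest of the pipeline.
        /// </summary>
        /// <param name="context">Executing context holding the bound arguments and the user.</param>
        /// <param name="next">Delegate that runs the action (and any later filters).</param>
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            // First() threw when the action had no bound arguments. Fail closed instead: with no
            // resource there is nothing to authorize against, so the action must not run.
            // NOTE(review): ActionArguments is a dictionary, and model binding may leave out
            // arguments it could not bind, so "first" can depend on the request - confirm the
            // resource is the only (or always-bound first) parameter of the decorated actions.
            var resource = context.ActionArguments.Values.FirstOrDefault();
            if (resource == null)
            {
                context.Result = new ForbidResult();
                return;
            }

            var requirement = Activator.CreateInstance(_requirementType) as IAuthorizationRequirement;
            if (requirement == null)
            {
                throw new InvalidOperationException(
                    "Could not create an IAuthorizationRequirement from type '" + _requirementType.FullName + "'.");
            }

            var authorizationResult = await _authorizationService.AuthorizeAsync(
                context.HttpContext.User, resource, requirement);

            // Forbid is returned for every failure, including unauthenticated callers; no
            // challenge is issued here.
            if (!authorizationResult.Succeeded)
            {
                context.Result = new ForbidResult();
                return;
            }

            await next();
        }
    }
}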