This is a migrated thread and some comments may be shown as answers.

I have implemented an IAuthorizeAttribute but IsAuthorized is not being called.

Daniel Corbett asked on 26 Apr 2010, 05:46 AM
I've been working on this pretty extensively, and am finally 90% of the way there, but I am not able to figure out why IsAuthorized is not being called.

    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
    public class PCIIAuthorizeAttribute : AuthorizeAttribute, IAuthorizeAttribute
    {
        #region IAuthorizeAttribute Members

        // Roles split from the comma-separated Roles property on first use.
        private String[] _splitRoles = null;

        public PCIIAuthorizeAttribute() { }

        public virtual bool IsAuthorized(HttpContextBase httpContext)
        {
            if (httpContext == null)
                throw new ArgumentNullException("httpContext");

            // Users who are not logged in are treated as authorized here.
            if (!PCIIService.IsLoggedIn())
                return true;

            if (_splitRoles == null)
                _splitRoles = Roles.Split(',');

            if (PCIIService.HasRole(_splitRoles))
                return true;

            return false;
        }
        #endregion
    }

The attribute is configured here:
        [SessionExpireFilter]
        [PCIIAuthorize(Roles="PCIIValidator")]
        public ActionResult Index(Guid? id )
        {
 

Debugging through the code, I can see that the PanelBar calls the authorization code and extracts the role (PCIIValidator), but it fails to call IsAuthorized(); instead it calls AuthorizeCore, and I have no idea why that is.

I do see in AuthorizeAttributeBuilder.WriteIsAuthorized() where it re-creates the method, and does some kind of override, but this is not working the way I desire.

One additional comment -- My project was originally in .Net 3.5 on VS2008.   I have been trying to use VS2010, but a bug in resgen when targeting 3.5 is forcing me to run in .Net 4.0.   I wonder if there's some incompatibility in 4.0.

I'm going to go back to VS2008.. which is a chore because there's a lot of projects to change, but obviously necessary!  ;-(

  - Daniel

Suggestions?

3 Answers, 1 is accepted

Georgi Krustev
Telerik team
answered on 26 Apr 2010, 10:49 PM
Hello Daniel,

Unfortunately it is hard to determine where the problem could be.

In general in ControllerAuthorization the orders, roles and users are retrieved before the IsAuthorized is called.

I will ask you to send us a project, which shows the implementation. Thus we will review it and suggest you further.

Greetings,
Georgi Krustev
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Daniel Corbett
answered on 27 Apr 2010, 02:21 AM

The problem can easily be seen with a small change to your Mvc.Examples project:

Add this file (TestAuthorizeAttribute.cs) to the Filters folder:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Telerik.Web.Mvc.Infrastructure;

namespace Telerik.Web.Mvc.Examples.Filters
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
    public class TestAuthorizeAttribute : AuthorizeAttribute, IAuthorizeAttribute
    {
        #region IAuthorizeAttribute Members

        // Roles split from the comma-separated Roles property on first use.
        private IList<String> _splitRoles = null;

        public TestAuthorizeAttribute() { }

        public virtual bool IsAuthorized(HttpContextBase httpContext)
        {
            if (httpContext == null)
                throw new ArgumentNullException("httpContext");

            // if (!PCIIService.IsLoggedIn()) --
            //    return true;

            if (_splitRoles == null)
                _splitRoles = Roles.Split(',');

            // if (PCIIService.HasRole(_splitRoles))
            if (_splitRoles.Contains("OK"))
                return true;

            return false;
        }
        #endregion
    }
}

Then on any Controller Action, add: [TestAuthorize(Roles = "OK")] OR [TestAuthorize(Roles = "NOT OK")]
Here's an excerpt from the PanelBar SiteMapBindingController.cs. What this should do is to ALWAYS succeed for SiteMapBinding, but always fail for Templates.

        [PopulateSiteMap(SiteMapName = "sample", ViewDataKey = "sample")]
        [SourceCodeFile("Sitemap", "~/sample.sitemap")]
        [TestAuthorize(Roles = "OK")]
        public ActionResult SiteMapBinding()...

Instead what it does is to block both on the menu, after doing the same thing as mentioned above.

The easiest way to understand what is happening is to set a breakpoint in ControllerAuthorization at line 83, and see what happens...
An exception is thrown as it tries to access the membership database which has not been configured.
Accepted
Georgi Krustev
Telerik team
answered on 27 Apr 2010, 02:43 PM
Hello Daniel,

Thank you for your feedback.

After further investigation, we were able to narrow the problem. Currently, if you need to make your attribute work, you need to override AuthorizeCore and implement the authorization functionality.

Nevertheless we fixed this issue and for your convenience I have attached the latest internal build.

I have updated your Telerik points.

Sincerely yours,
Georgi Krustev
the Telerik team
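
The workaround described in the accepted answer, as an added example (not code from the thread or from Telerik): AuthorizeCore is overridden and delegates to IsAuthorized, so the decision is the same whichever of the two methods is called. The class name DelegatingAuthorizeAttribute and the role check through HttpContextBase.User are assumptions standing in for the poster's PCIIService, and IAuthorizeAttribute is assumed to have the shape used in the question.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Telerik.Web.Mvc.Infrastructure;

// Hypothetical attribute name; not part of the thread or of Telerik's code.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class DelegatingAuthorizeAttribute : AuthorizeAttribute, IAuthorizeAttribute
{
    // Single place where the authorization decision is made.
    public virtual bool IsAuthorized(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        // Assumption: roles come from the ASP.NET principal rather than PCIIService.
        var user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false; // this example denies anonymous requests

        // Split per call: no state is cached on the attribute instance.
        // Trimming makes "A, B" behave the same as "A,B".
        var required = (Roles ?? String.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // No roles listed: any authenticated user passes.
        // The Users property is not evaluated in this example.
        return required.Length == 0 || required.Any(r => user.IsInRole(r));
    }

    // MVC's AuthorizeAttribute calls this method; forwarding it to
    // IsAuthorized keeps both entry points on the same logic.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return IsAuthorized(httpContext);
    }
}
```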
