AuthorizeAttribute only called once

advertisements

Hee guys,

I have made my own custom athorizeattribute. It only fires once (directly after the first actionresult that has this attribute). But when I try to go to that same action it works (which can lead to a security breach).

Controller:

[AuthenticationController.IsLoggedInAsHero]
public ActionResult Hero()
{
    return View();
}

AuthenticationController:

    public class IsLoggedInAsHero : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (!isAuthenticatedAsHero())
            {
                filterContext.Result = new RedirectToRouteResult(
                                            new RouteValueDictionary(new { controller = "Account", action = "Login" })
                                    );
            }
        }
    }

isAuthenticatedAsHero():

public static bool isAuthenticatedAsHero()
{
    User user = new User();
    user = udc.GetUserByCookie();
    if (user.Hero== 1 && System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
    { return true; }
    else return false;
}

Help is appreciated!


I am not sure if this is your solution, but as far as I think, you should override this method:

protected override bool AuthorizeCore(HttpContextBase httpContext){
    return isAuthenticatedAsHero();
}

and

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
      filterContext.Result = new RedirectToRouteResult(
                                 new RouteValueDictionary(new { controller = "Account", action = "Login" })
                             );
}