1

I have implemented custom method for making user information available to Views with smth like that:

    protected override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (HttpContext.User != null)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                JavaScriptSerializer serializer = new JavaScriptSerializer();
                AWESOMEUser user = serializer.Deserialize<AWESOMEUser>(authTicket.UserData);
                if (user == null)
                {
                    HttpContext.User = null;
                }
                else
                {
                    HttpContext.User = new PlatformUser(typeof(DBMembershipProvider).Name, user);
                }
            }
            else
            {
                HttpContext.User = null;
            }

        }
        base.OnAuthorization(filterContext);
}

The problem is when user information (especially permissions) are changed in DB it is not reflected in Views. Shall I just update it on every call here on there is smarter way, i.e. other method which helps to update user information automatically?

tereško
  • 58,060
  • 25
  • 98
  • 150
NeatNerd
  • 2,305
  • 3
  • 26
  • 49
  • Kind of hard to understand what you mean, but here are several ways to do this. You could call your OnAuthorization on a POST event and update your model (Assuming a strongly typed view)...Also, AJAX would work for this as well. – Botonomous Aug 07 '13 at 13:20
  • 1
    OnAuthorization is execute before OnActionExecuting. When you run the action that updates your authorization, you already executed that code you show us. A POST request should rarely return a HTML response. You should do what you have to in your action, then redirect to a GET request. This would solve your problem along and improve your request pattern. – Pluc Aug 07 '13 at 13:33

1 Answers1

2

OnAuth method is called when a process requests authorization.

You will find lot of material online, adding few of them here

http://blog.tomasjansson.com/securing-your-asp-net-mvc-3-application http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/

http://patrickdesjardins.com/blog/make-all-actions-of-controller-securized-with-authorise-filter-implicit

Nipun Ambastha
  • 2,553
  • 1
  • 16
  • 26