asp.net mvc Agregar al atributo AUTHORIZE

¿Cómo creo un atributo personalizado para extender el atributo Authorize existente en MVC?

Derive su clase de AuthorizeAttribute. Reemplazar el método OnAuthorization. Agregue y configure un CacheValidationHandler.

public void CacheValidationHandler( HttpContext context, object data, ref HttpValidationStatus validationStatus ) { validationStatus = OnCacheAuthorization( new HttpContextWrapper( context ) ); } public override void OnAuthorization( AuthorizationContext filterContext ) { if (filterContext == null) { throw new ArgumentNullException( "filterContext" ); } if (AuthorizeCore( filterContext.HttpContext )) { ... your custom code ... SetCachePolicy( filterContext ); } else if (!filterContext.HttpContext.User.Identity.IsAuthenticated) { // auth failed, redirect to login page filterContext.Result = new HttpUnauthorizedResult(); } else { ... handle a different case than not authenticated } } protected void SetCachePolicy( AuthorizationContext filterContext ) { // ** IMPORTANT ** // Since we're performing authorization at the action level, the authorization code runs // after the output caching module. In the worst case this could allow an authorized user // to cause the page to be cached, then an unauthorized user would later be served the // cached page. We work around this by telling proxies not to cache the sensitive page, // then we hook our custom authorization code into the caching mechanism so that we have // the final say on whether a page should be served from the cache. HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge( new TimeSpan( 0 ) ); cachePolicy.AddValidationCallback( CacheValidationHandler, null /* data */); } 

No necesita extender este atributo, web.config es suficiente. Lea acerca de los formularios Elemento para la autenticación . Presta atención en DefaultUrl. Esto es algo que necesitas

      
 public class CoolAuthorizeAttribute : AuthorizeAttribute { } 

Sugiero que si solo quiere extender el AuthorizeAttribute actual y agregar su propia autorización además de eso, en lugar de anular OnAuthorization, simplemente anule AuthorizeCore y agregue su condición MyCustomAuthorizationHolds a él.

 public class CustomAuthorizeAttribute : AuthorizeAttribute { // This method must be thread-safe since it is called by the thread-safe OnCacheAuthorization() method. protected override bool AuthorizeCore(HttpContextBase httpContext) { if (base.AuthorizeCore(httpContext) && MyCustomAuthorizationHolds) return true; return false; } }