Class DataWebAuthorizeAttribute.DataWebAuthorizeFilter
Authorization filter created by DataWebAuthorizeAttribute via TypeFilterAttribute. Enforces two checks:
- The user must be authenticated (IsAuthenticated).
- The user must be a DataWeb user (IsDataWeb).
Inherited Members
Namespace: DataWeb.Filter
Assembly: DataWeb.Core.dll
Syntax
public class DataWebAuthorizeAttribute.DataWebAuthorizeFilter : IAuthorizationFilter, IFilterMetadata
Constructors
DataWebAuthorizeFilter(ResponseMode, IUser)
Authorization filter created by DataWebAuthorizeAttribute via TypeFilterAttribute. Enforces two checks:
- The user must be authenticated (IsAuthenticated).
- The user must be a DataWeb user (IsDataWeb).
Declaration
public DataWebAuthorizeFilter(DataWebAuthorizeAttribute.ResponseMode responseMode, IUser user)
Parameters
| Type | Name | Description |
|---|---|---|
| DataWebAuthorizeAttribute.ResponseMode | responseMode | The DataWebAuthorizeAttribute.ResponseMode to apply when authorization fails. |
| IUser | user | The current user, injected by the DI container. |
Methods
OnAuthorization(AuthorizationFilterContext)
Evaluates authorization for the current request.
Sets Result to abort the pipeline when the user
is not authenticated or does not have the IsDataWeb flag.
Declaration
public void OnAuthorization(AuthorizationFilterContext context)
Parameters
| Type | Name | Description |
|---|---|---|
| AuthorizationFilterContext | context | The AuthorizationFilterContext for the current request. |
Remarks
When Redirect is active, the current relative URL (path + query)
is forwarded as the returnurl parameter. GetEncodedPathAndQuery(HttpRequest)
returns only the relative path, so there is no risk of open redirect to external domains.