codeopinion / hypermedia-blazorcrud
Transfer to URL with SHA Find file
Newer
Older
hypermedia-blazorcrud / Blazorcrud.Server / Authorization / AuthorizeAttribute.cs
@Derek Comartin Derek Comartin on 12 Jul 852 bytes Init
Raw Blame History 
namespace Blazorcrud.Server.Authorization;

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Blazorcrud.Shared.Models;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthorizeAttribute : Attribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // skip authorization if action is decorated with [AllowAnonymous] attribute
        var allowAnonymous = context.ActionDescriptor.EndpointMetadata.OfType<AllowAnonymousAttribute>().Any();
        if (allowAnonymous)
            return;

        // authorization
        var user = (User)context.HttpContext.Items["User"];
        if (user == null)
            context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };
    }
}