In this post I am going to explain how to create your own custom authorization in ASP.NET MVC. There are lots of resources about this on the internet, but I worked this out my own way, so maybe it will help you solve your problem. In this example I use the IAuthorizationFilter interface to define my own custom attribute for MVC controllers and actions.
Step:1 Create Authorization Class
Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports System.Web.Mvc

Public Class Authorization
    Inherits FilterAttribute
    Implements IAuthorizationFilter

    ' Roles passed to the attribute; the user must hold every one of them.
    Private _roles() As OpenIDUser.Roles

    Sub New(ByVal ParamArray roles() As OpenIDUser.Roles)
        _roles = roles
    End Sub

    ' Runs before the action executes; setting filterContext.Result stops the action from running.
    Public Sub OnAuthorization(ByVal filterContext As System.Web.Mvc.AuthorizationContext) Implements System.Web.Mvc.IAuthorizationFilter.OnAuthorization
        Dim session = filterContext.HttpContext.Session
        Dim u As OpenIDUser = session("CurrentUser")
        Dim IsLoggedIn As Boolean = session("IsLoggedIn")
        ' Treat a missing user object the same as not being logged in.
        If IsLoggedIn AndAlso u IsNot Nothing Then
            Dim UserRoleIds As List(Of Short) = u.UserRoles.Select(Function(ur) ur.RoleID).ToList
            For Each r In _roles
                If Not UserRoleIds.Contains(r) Then
                    ' A required role is missing: send the user to the login view.
                    filterContext.Result = New RedirectResult("~/Account/Openidlogin")
                    Exit For
                End If
            Next
        Else
            ' Encode the requested URL so its own query string survives as one returnUrl value.
            filterContext.Result = New RedirectResult("~/Account/Openidlogin?returnUrl=" & Uri.EscapeDataString(filterContext.HttpContext.Request.Url.ToString))
        End If
    End Sub
End Class
The Authorization class derives from FilterAttribute, so we can use it as an attribute on controllers and actions. It also implements IAuthorizationFilter, whose OnAuthorization method fires before the action executes, so we can put our authorization logic inside that method.
In OnAuthorization we get the current user from the session, which we create when the user logs in, together with the IsLoggedIn key that we also put in the session at login. If the user is logged in, we take the roles that were passed to the attribute where it is applied to the action method and check that the user's roles include each of them. If one is missing, we set the Result property of the filter context to a redirect result that sends the user to the login view. If the user is not logged in at all, the redirect to the login view also carries the requested URL in the returnUrl parameter.
Step:2 Use Authorization class as action or controller attribute.
Public Class TestController
    Inherits System.Web.Mvc.Controller

    ' Only users holding both roles reach this action.
    <Authorization(OpenIDUser.Roles.Authorized, OpenIDUser.Roles.User)> _
    Function AuthorizationNeeded() As ViewResult
        'Add code here
        Return View()
    End Function
End Class
Now test this action with the session keys in place. The attribute also works when applied to a whole controller.
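The filter only reads Session("CurrentUser") and Session("IsLoggedIn"), so the login side has to write them and then handle the returnUrl the filter sends, which is an absolute URL taken from the query string. The following is an added example, not code from the original post: CompleteLogin, SafeReturnPath and LogOff are hypothetical names, the controller is assumed to call CompleteLogin once the OpenID provider has confirmed the user, and Url.IsLocalUrl assumes ASP.NET MVC 3 or later.

```vbnet
Imports System
Imports System.Web.Mvc

Public Class AccountController
    Inherits System.Web.Mvc.Controller

    ' Hypothetical helper: call it after the OpenID provider has confirmed the user.
    ' It writes the two session keys that Authorization.OnAuthorization reads.
    Protected Function CompleteLogin(ByVal user As OpenIDUser, ByVal returnUrl As String) As ActionResult
        Session("CurrentUser") = user
        Session("IsLoggedIn") = True
        Return Redirect(SafeReturnPath(returnUrl))
    End Function

    ' returnUrl is request data, so it is only followed when it points back at this site.
    Private Function SafeReturnPath(ByVal returnUrl As String) As String
        ' Already a local path such as /Test/AuthorizationNeeded.
        If Url.IsLocalUrl(returnUrl) Then Return returnUrl

        ' The filter sends Request.Url, which is absolute: accept it only when
        ' scheme, host and port match this request, then keep just path and query.
        Dim target As Uri = Nothing
        If Uri.TryCreate(returnUrl, UriKind.Absolute, target) AndAlso _
           Uri.Compare(target, Request.Url, UriComponents.SchemeAndServer, _
                       UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) = 0 AndAlso _
           Url.IsLocalUrl(target.PathAndQuery) Then
            ' The second IsLocalUrl check rejects paths that begin with "//",
            ' which a browser would treat as a different host.
            Return target.PathAndQuery
        End If

        ' Missing, malformed or off-site value: fall back to the site root.
        Return "~/"
    End Function

    ' Remove both keys so the filter sees a logged-out session.
    Public Function LogOff() As ActionResult
        Session.Remove("CurrentUser")
        Session.Remove("IsLoggedIn")
        Session.Abandon()
        Return Redirect("~/")
    End Function
End Class
```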
