I am implementing a custom authorization system and I want to create an authorization filter. To do this I implement IAsyncAuthorizationFilter interface and as far as I understand it, to block access to an Action/Controller I need to set AuthorizationFilterContext.Result to something
CodePudding user response:
By using this method, your application expects a HTTP status code as a returning value.
You can create a if statement that blocks the response if the return code is 401 (which means "Unauthorized").
However, there are more reasons why your response might not return. I would suggest you to create a switch case statement that could process the following codes:
- 401 Unauthorized;
- 403 Forbidden;
- 407 Proxy Authentication Required.