AuthorizeAttribute.OnAuthorization Method
Calls when an action is being authorized.
Namespace: System.Web.Http
Assembly: System.Web.Http (in System.Web.Http.dll)
Syntax
'Declaration
Public Overrides Sub OnAuthorization ( _
actionContext As HttpActionContext _
)
'Usage
Dim instance As AuthorizeAttribute
Dim actionContext As HttpActionContext
instance.OnAuthorization(actionContext)
public override void OnAuthorization(
HttpActionContext actionContext
)
public:
virtual void OnAuthorization(
HttpActionContext^ actionContext
) override
abstract OnAuthorization :
actionContext:HttpActionContext -> unit
override OnAuthorization :
actionContext:HttpActionContext -> unit
public override function OnAuthorization(
actionContext : HttpActionContext
)
Parameters
- actionContext
Type: System.Web.Http.Controllers.HttpActionContext
The context.
Exceptions
| Exception | Condition |
|---|---|
| ArgumentNullException | The context parameter is null. |
Remarks
Called when an action is being authorized. This method uses the user IPrincipal returned by means of GetUserPrincipal(HttpRequestMessage).
Authorization is denied in the following cases:
The request is not associated with any user.
The user is not authenticated.
The user is authenticated but is not in the authorized group of Userss (if defined), or if the user is not in any of the authorized Roles (if defined).
If authorization is denied then this method will invoke HandleUnauthorizedRequest(HttpActionContext) to process the unauthorized request.
You can use AllowAnonymousAttribute to cause authorization checks to be skipped for a particular action or controller.