lundi 4 avril 2016

ExecuteResult method not called in HttpUnauthorizedResult derived class

I need to implement digest authentification with ASP.NET MVC 3. To that end I've inherited from AuthorizeAttribute and HttpUnauthorizedResult. The code is as follows:

[AttributeUsage ( AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true )]
public class SessionAuthorize: AuthorizeAttribute {
    public override void OnAuthorization ( AuthorizationContext actionContext ) {
        try {
            if ( null != actionContext.HttpContext.Request.Headers["Authorization"] )
                // authorization is on the way
                // <...>
            else
                actionContext.Result = new HttpDigestUnauthorizedResult ();
        } catch ( Exception ex ) {
            Trace.TraceWarning ( "SessionAuthorize.OnAuthorization failed: {0}", ex.Message );
        }
        base.OnAuthorization ( actionContext );
    }
}

public class HttpDigestUnauthorizedResult: HttpUnauthorizedResult {
    public HttpDigestUnauthorizedResult () : base () {
    }
    public override void ExecuteResult ( ControllerContext context ) {
        if ( context == null )
            throw new ArgumentNullException ( "context" );
        // this is supposed to initialize digest authentification exchange
        context.HttpContext.Response.AddHeader ( "WWW-Authenticate", string.Format ( "Digest realm=\"somerealm\",qop=\"auth\",nonce=\"{0}\",opaque=\"{1}\""/*, <...>*/ ) );
        base.ExecuteResult ( context );
    }
}

Code for controller/action is as follows:

public class DefaultController: Controller {
    [SessionAuthorize]
    public ViewResult Index () {
        return View ();
    }
}

so it does not do anything special.

However, overridden ExecuteResult is never called, and only standard 401 page is returned. What am I missing here? Where should be ExecuteResult called from?

Aucun commentaire:

Enregistrer un commentaire