Skip to content

Unseal AuthorizeAttribute #1050

Closed
arbitrix opened this Issue Nov 29, 2012 · 2 comments

4 participants

@arbitrix

Unlike its counterparts

  • System.Web.Http.AuthorizeAttribute
  • System.Web.Mvc.AuthorizeAttribute

the Signalr AuthorizeAttribute is sealed and does not allow the authorization decision to be overridden in a subclass.

As per conversation with @davidfowl this is a request to unseal AuthorizeAttribute and make UserAuthorized a protected virtual bool.

Additionally, perhaps UserAuthorized should be renamed to AuthorizeCore or IsAuthorized to try and be consistent with either MVC or WebAPI (but not both).

http://msdn.microsoft.com/en-us/library/system.web.http.authorizeattribute.isauthorized(v=vs.108).aspx
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute(v=vs.108).aspx

@halter73 halter73 was assigned Dec 18, 2012
@halter73 halter73 added a commit that referenced this issue Jan 3, 2013
@halter73 halter73 Unseal AuthorizeAttribute 64c3715
@halter73
SignalR member
halter73 commented Jan 3, 2013

I don't think that UserAuthorized should be renamed since its parameter is only an IPrincipal instead of a fuller HttpContextBase or HttpActionContext. I would be more tempted to rename it if MVC and WebAPI shared the same convention.

@halter73 halter73 added a commit that referenced this issue Jan 3, 2013
@halter73 halter73 Unseal AuthorizeAttribute b3f36c6
@Xiaohongt
SignalR member

verified

@Xiaohongt Xiaohongt closed this Jan 6, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.