Avoid multiple call to AuthorizeCore in MVC

AuthorizeCore in MVC

In MVC AuthorizeAttribute Class is another cool feature that makes it easy to add authentication at the Controller level. In AuthorizeAttribute class we have AuthorizeCore function, it specifies that access to a controller or action method is restricted to users who meet the authorization requirement. We can override AuthorizeCore  function as per our authorization logic.

When you place the [Authorize] attribute on a Controller’s action method, a couple of calls get made to the AuthorizeAttribute class at the beginning of each request to your controller to authenticate users. Lately when I was working on a web application I found this multiple calls as an extra overload that even though the user is authorized, AuthorizeCore got executed.

So to avoid this multiple calls, I found one of the property in HttpContext which is  SkipAuthorizationSkipAuthorization is a boolean property, you can set this as true once the user is authorized. The below code snippet will give you the brief idea.

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext.SkipAuthorization) return true; // hack to avoid multiple call to the method
if (!authorized) //if user is not authorize
{
   return false;
}
if (authorized) //if user is authorize
{
   httpContext.SkipAuthorization = true;
   return true;
}
   return false;
}

Leave a Reply

Your email address will not be published. Required fields are marked *