b_in_U b_in_U - 21 days ago 10x
C# Question

Custom authorization attribute not working in WebAPI

public class CustomAuthorizeAttribute : AuthorizationFilterAttribute
protected override bool AuthorizeCore(HttpContextBase httpContext)
return true;// if my current user is authorised

Above is my CustomAuthorizeAttribute Class

[CustomAuthorize] // both [CustomAuthorize] and [CustomAuthorizeAttribute ] I tried
public class ProfileController : ApiController
//My Code..

When I'm calling


It is not firing

More over My FilterConfig class is look like below

public class FilterConfig
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
filters.Add(new CustomAuthorizeAttribute());

Please help if I miss something.

  1. Looks like you are using an MVC filter rather than a Web API filter by the usage of HttpContextBase. So use the filter from the System.Web.Http.Filters namespace.
  2. You need to override OnAuthorization or OnAuthorizationAsync on the Web API filter.
  3. You don't need to register a global filter and decorate your controller with it. Registering it will make it run for all controllers.

Web API filter code: https://aspnetwebstack.codeplex.com/SourceControl/latest#src/System.Web.Http/Filters/AuthorizationFilterAttribute.cs