AuthorizeAttribute.OnAuthorization Method

Calls when an action is being authorized.

Namespace:  System.Web.Http
Assembly:  System.Web.Http (in System.Web.Http.dll)


Public Overrides Sub OnAuthorization ( _
    actionContext As HttpActionContext _
Dim instance As AuthorizeAttribute
Dim actionContext As HttpActionContext

public override void OnAuthorization(
    HttpActionContext actionContext
virtual void OnAuthorization(
    HttpActionContext^ actionContext
) override
abstract OnAuthorization : 
        actionContext:HttpActionContext -> unit 
override OnAuthorization : 
        actionContext:HttpActionContext -> unit 
public override function OnAuthorization(
    actionContext : HttpActionContext



Exception Condition

The context parameter is null.


Called when an action is being authorized. This method uses the user IPrincipal returned by means of GetUserPrincipal(HttpRequestMessage).

Authorization is denied in the following cases:

  • The request is not associated with any user.

  • The user is not authenticated.

  • The user is authenticated but is not in the authorized group of Userss (if defined), or if the user is not in any of the authorized Roles (if defined).

If authorization is denied then this method will invoke HandleUnauthorizedRequest(HttpActionContext) to process the unauthorized request.

You can use AllowAnonymousAttribute to cause authorization checks to be skipped for a particular action or controller.

See Also


AuthorizeAttribute Class

System.Web.Http Namespace