Sri Ram

Sri Ram

  • 1.8k
  • 157
  • 51k

Custom Validation using Action Filter vs Authorize Filter

May 22 2020 11:28 PM
We have an ASP.NET Core 3 MVC app using cookie authentication. When the user logs into the app, a SessionId(created in sql db) is added to the claims collection.
 
For every action method execution, we want to verify this SessionId is valid string, belongs only to the logged-in user and has doesn't expired. This validation logic will be kept in the sql server side using a stored proc. If this validation results in failure, then user would have to redirected to a custom page(e.g. InvalidSession.cshtml)
 
For this implementing this validation, what would be the best approach in ASP.NET Core 3.0?
 
Can we use custom ActionFilters or AuthorizationFilters or is there any better way of handling this scenario?
 
Experts, please advice. 
 
 

Brought to you by:

Answers (1)