Click here to Skip to main content
15,353,841 members
Articles / Web Development
Posted 2 May 2012


19 bookmarked

ASP.NET WEB API Custom Authorize and Exception Handling Attributes

Rate me:
Please Sign up or sign in to vote.
4.33/5 (7 votes)
27 May 2012CPOL
How to implement the custom authorization and exception handling attribute in the ASP.NET Web API.


In this article, I will explain and demonstrate how to implement the custom authorization and exception handling attribute in the ASP.NET Web API.

Custom Authorize Attribute

in ASP.NET WEB API you can extend "AuthorizeAttribute" to implement custom authorization filter to control the access to the application. I have overridden the "OnAuthorization" method to check custom authorization rules. In this implementation, I am assuming that user will send and receive the data through "HTTP headers".

Following is code example how to implement it.

public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
    public override void OnAuthorization(
           System.Web.Http.Controllers.HttpActionContext actionContext)
        if (actionContext.Request.Headers.GetValues("authenticationToken") != null)
            // get value from header
            string authenticationToken = Convert.ToString(
            // it is saved in some data store
            // i will compare the authenticationToken sent by client with
            // authenticationToken persist in database against specific user, and act accordingly
            if (authenticationTokenPersistant != authenticationToken)
                HttpContext.Current.Response.AddHeader("authenticationToken", authenticationToken);
                HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);

            HttpContext.Current.Response.AddHeader("authenticationToken", authenticationToken);
            HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
        actionContext.Response = 
        actionContext.Response.ReasonPhrase = "Please provide valid inputs";

Custom Handle Exception attribute:

To implement custom Handle Exception attribute you need to extend "ExceptionFilterAttribute", and override "OnException" method.

You can find the example below:

public class HandleExceptionAttribute : ExceptionFilterAttribute
    public override void OnException(HttpActionExecutedContext actionExecutedContext)
        if (actionExecutedContext.Exception != null)
            var exception = actionExecutedContext.Exception;
            var response = new HttpResponseMessage();
            response.StatusCode = HttpStatusCode.InternalServerError;
            response.ReasonPhrase = exception.Message;
            actionExecutedContext.Result = response;


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

aamir sajjad
Software Developer (Senior) -
Pakistan Pakistan
i am working as a senior software developer.

Comments and Discussions

QuestionMessage Closed Pin
4-Apr-16 22:28
MemberMember 124372934-Apr-16 22:28 
QuestionDealing with only Authentication Pin
Muhammad N@beel24-Feb-14 3:42
professionalMuhammad N@beel24-Feb-14 3:42 
QuestionWhere is this code placed in the solution? Pin
R. Ian Lee15-Oct-13 5:10
MemberR. Ian Lee15-Oct-13 5:10 
AnswerRe: Where is this code placed in the solution? Pin
aamir sajjad15-Oct-13 6:02
Memberaamir sajjad15-Oct-13 6:02 
QuestionQuestion Pin
Member 798658410-May-12 5:48
MemberMember 798658410-May-12 5:48 
AnswerRe: Question Pin
aamir sajjad13-May-12 2:38
Memberaamir sajjad13-May-12 2:38 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.