Redirect to another page when user is not authorized in asp.net mvc3

隐瞒了意图╮ 2020-12-05 07:20

I've read

How to easily redirect if not authenticated in MVC 3? and Redirect to AccessDenied page when user is not authorized but the link from an answer (means h

5 answers
  • 2020-12-05 08:00

    The default Authorize attribute behaves in such a way that when the user is not authenticated, or is authenticated but not authorized, it sets the status code to 401 (Unauthorized). When the filter sets the status code to 401, the ASP.NET framework checks whether the website has forms authentication enabled and, if it does, redirects to the loginUrl parameter set up there.

    If you want to change that behavior, say to redirect the user to an AccessDenied controller if the user is authenticated but not authorized, then you have to extend the Authorize attribute and override the HandleUnauthorizedRequest method.

    For example:

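    using System.Web.Mvc;
    using System.Web.Routing;

    public class CustomAuthorize : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                // Not authenticated: return 401 so forms authentication redirects to loginUrl.
                filterContext.Result = new HttpUnauthorizedResult();
            }
            else
            {
                // Authenticated but not authorized: redirect to the AccessDenied controller.
                filterContext.Result = new RedirectToRouteResult(
                    new RouteValueDictionary(new { controller = "AccessDenied" }));
            }
        }
    }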
    

    You can override the HandleUnauthorizedRequest as per your need and then you have to mark the controller actions to use the CustomAuthorize attribute instead of the built-in one.

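An added example, not part of the answer above or of ASP.NET MVC itself: a variant of the same HandleUnauthorizedRequest override that keeps the default 401 for anonymous users, answers AJAX calls with 403, and redirects other authenticated-but-unauthorized requests. The names ForbiddenAwareAuthorizeAttribute and ReportsController, the "Admin" role and the Index action are assumptions; only the AccessDenied controller name comes from the page.

```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical name; derives from the built-in attribute so Users/Roles checks are unchanged.
public class ForbiddenAwareAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var httpContext = filterContext.HttpContext;

        if (!httpContext.User.Identity.IsAuthenticated)
        {
            // Not logged in: keep the default 401, which forms authentication
            // turns into a redirect to loginUrl.
            base.HandleUnauthorizedRequest(filterContext);
        }
        else if (httpContext.Request.IsAjaxRequest())
        {
            // Logged in but not allowed, called from script: answer 403 so the
            // caller sees a status code instead of the HTML of a redirect target.
            filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
        }
        else
        {
            // Logged in but not allowed, normal page request: same redirect as
            // in the answer above ("Index" is an assumed action name).
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(new { controller = "AccessDenied", action = "Index" }));
        }
    }
}

// Assumed redirect target. It carries no authorize attribute, so the redirect
// cannot loop, and it reports 403 instead of 200.
public class AccessDeniedController : Controller
{
    public ActionResult Index()
    {
        Response.StatusCode = 403;
        Response.TrySkipIisCustomErrors = true; // keep IIS from replacing the view
        return View();
    }
}

// Hypothetical controller and role showing usage.
[ForbiddenAwareAuthorize(Roles = "Admin")]
public class ReportsController : Controller
{
    public ActionResult Index() { return View(); }
}
```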
  • 2020-12-05 08:06

    Place "/Account/LogOn" instead of "~/Account/LogOn"

  • 2020-12-05 08:10

    Since I did not want to override AuthorizeAttribute, I used a filter:

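    using System;
    using System.Linq;
    using System.Web.Mvc;
    using System.Web.Routing;

    public class RedirectFilter : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (!IsAuthorized(filterContext))
            {
                filterContext.Result =
                    new RedirectToRouteResult(new RouteValueDictionary(new { controller = "AccessDenied" }));
            }
        }

        private bool IsAuthorized(ActionExecutingContext filterContext)
        {
            var descriptor = filterContext.ActionDescriptor;
            var authorizeAttr = descriptor.GetCustomAttributes(typeof(AuthorizeAttribute), false).FirstOrDefault() as AuthorizeAttribute;

            if (authorizeAttr != null)
            {
                // Users is a comma-separated list. Compare whole names against the
                // identity's name; User.ToString() yields a type name, and a substring
                // match would let "bob" pass for "bobby".
                var allowed = authorizeAttr.Users
                    .Split(',').Select(u => u.Trim()).Where(u => u.Length > 0).ToArray();
                var userName = filterContext.HttpContext.User.Identity.Name;
                // An empty list means the attribute does not restrict by user name.
                if (allowed.Length > 0 && !allowed.Contains(userName, StringComparer.OrdinalIgnoreCase))
                    return false;
            }
            return true;
        }
    }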
    
  • 2020-12-05 08:14

    I like Mark's Answer,
    but I don't want to change all of my action attributes
    from [Authorize] to [CustomAuthorize]

    I edited the Login() action on AccountController
    to check Request.IsAuthenticated before showing the view.
    I think that if an authenticated user goes to /Account/Logon,
    I will redirect to /Error/AccessDenied.

        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            if (Request.IsAuthenticated)
            {
                return RedirectToAction("AccessDenied", "Error");
            }
    
            ViewBag.ReturnUrl = returnUrl;
    
            return View();
        }
    
  • 2020-12-05 08:23

    Yes, it is correct as you mentioned in web.config

    <forms loginUrl="~/Account/LogOn" timeout="2880" />
    

    The redirection looks for the Account controller and the LogOn action result. If you want to redirect to your own page, change it there instead of Account and LogOn.
