More control on ASP.Net MVC's Authorize; to keep AJAX requests AJAXy

前端 未结 4 1645
深忆病人
深忆病人 2020-12-28 11:17

I have some action methods behind an Authorize like:

[AcceptVerbs(HttpVerbs.Post), Authorize]
public ActionResult Create(int siteId, Comment comment) {


        
相关标签:
4条回答
  • 2020-12-28 11:42

    I think the right way to handle this would be in your Javascript making the AJAX call.

    If the user needs to be authorized (or authenticated as your code implies) and isn't, you should inform them and maybe not allow them to try and comment in the first place.

    However, if that doesn't suit your needs. You could try and write your own authorize action filter, maybe inheriting from the one that comes with the MVC framework but redirects how you want it to. It's fairly straightforward.

    0 讨论(0)
  • 2020-12-28 11:46

    Recently I ran into exactly the same problem and used the code posted by J. Pablo Fernández with a modification to account for return URLs. Here it is:

    public class AuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute
    {
        override public void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
            // Only do something if we are about to give a HttpUnauthorizedResult and we are in AJAX mode. 
            if (filterContext.Result is HttpUnauthorizedResult && filterContext.HttpContext.Request.IsAjaxRequest())
            {
                // TODO: fix the URL building: 
                // 1- Use some class to build URLs just in case LoginUrl actually has some query already. 
                HttpRequestBase request = filterContext.HttpContext.Request;
                string returnUrl = request.Path;
                bool queryStringPresent = request.QueryString.Count > 0;
                if (queryStringPresent || request.Form.Count > 0)
                    returnUrl += '?' + request.QueryString.ToString();
                if (queryStringPresent)
                    returnUrl += '&';
                returnUrl += request.Form;
                String url = System.Web.Security.FormsAuthentication.LoginUrl +
                             "?X-Requested-With=XMLHttpRequest&ReturnUrl=" +
                             HttpUtility.UrlEncode(returnUrl);
                filterContext.Result = new RedirectResult(url);
            }
        }
    }
    
    0 讨论(0)
  • 2020-12-28 11:57

    Thanks to Lewis comments I was able to reach this solution (which is far from perfect, posted with my own comments, if you have the fixes feel free to edit and remove this phrase), but it works:

    public class AjaxAuthorizeAttribute : AuthorizeAttribute {
        override public void OnAuthorization(AuthorizationContext filterContext) {
            base.OnAuthorization(filterContext);
            // Only do something if we are about to give a HttpUnauthorizedResult and we are in AJAX mode.
            if (filterContext.Result is HttpUnauthorizedResult && filterContext.HttpContext.Request.IsAjaxRequest()) {
                // TODO: fix the URL building:
                // 1- Use some class to build URLs just in case LoginUrl actually has some query already.
                // 2- When leaving Result as a HttpUnauthorizedResult, ASP.Net actually does some nice automatic stuff, like adding a ReturnURL, when hardcodding the URL here, that is lost.
                String url = System.Web.Security.FormsAuthentication.LoginUrl + "?X-Requested-With=XMLHttpRequest";
                filterContext.Result = new RedirectResult(url);
            }
        }
    }
    
    0 讨论(0)
  • 2020-12-28 11:59

    Instead of using the authorize attribute, I've been doing something like the following.

    public ActionResult SomeCall(string someData)
    {
        if (Request.IsAjaxRequest() == false)
        {
            // TODO: do the intended thing.
        }
        else
        {
            // This should only work with AJAX requests, so redirect
            // the user to an appropriate location.
            return RedirectToAction("Action", "Controller", new { id = ?? });
        }
    }
    
    0 讨论(0)
提交回复
热议问题