Usually I protect my Actions with [Authorize] but this time I need to check if a user is authorized inside the action.
Eg
if(userIsAuthorized) {
//do stuff
}
else {
//return to login page
}
I believe I am using 'Forms Authentication'
This question is kind of similar to this but none of the answers given seemed to work.
EDIT: I have done some more digging- it seems if I breakpoint on an Action that has [Authorize], the User.Identity is set, but on Actions without it, the User.Identity is empty, even if I am logged in
If you just want to know if the user is logged in:
if (User.Identity.IsAuthenticated) { ... }
If you are trying to do anything role-specific:
if (User.IsInRole("Administrators")) { ... }
The User instance is a public property of the Controller class, so you always have access to it from a Controller you write. If no user is logged in you should have a GenericPrincipal for the User and a GenericIdentity for the User.Identity, so don't worry about checking for nulls.
Request.IsAuthenticated should work for what you're trying to do.
I suggest first figuring out what kind of Authorization your using. ;)
The answer you posted is correct. From what I remember poking around the [Authorize] attribute and related ActionFilter code MVC internally calls Page.User.Identity.IsAuthenticated just like those code examples.
Create an attribute like this: OnActionExecuting will get executed first before other code from the action
public class IsAuthenticatedAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
//do your validations here. and redirect to somewhere if needed.
filterContext.HttpContext.Response.Redirect("/") //this will send user to home.
}
}
on each action where you need to check, add attribute like this:
[IsAuthenticatedAttribute]
public ActionResult ActionName(parameters?)
{
// no need to worry about checking here.
//do you action things
}
EDIT:
This one still completes the action and then only redirect it. Not so much useful.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 爷的心禁止访问 的文章《How to check if user is authorized inside Action》','https://www.manongdao.com/article-125599.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}