Asp MVC [Authorize] to return a Post instead of a

2019-06-07 20:44发布

问题:

I would like to use [Authorize(Roles="Admin")] tags on my controller methods.

If a user is not an admin I would like to return this user to my login screen. The default behaviour of returning the user to my login page is reroute my user to "Account/Login" using a Get url.

The problem is, my website's subpages are all partial views refreshed by Ajax calls, including my login screen.

So my question is: Is it possible to alter the class below to return a post redirect instead of a get redirect?

public class AjaxAuthorizeAttribute : AuthorizeAttribute
{
  override public void OnAuthorization(AuthorizationContext filterContext)
  {
    base.OnAuthorization(filterContext);
    // Only do something if we are about to give a HttpUnauthorizedResult and we are in AJAX mode.
    if (filterContext.Result is HttpUnauthorizedResult && filterContext.HttpContext.Request.IsAjaxRequest())
    {
      filterContext.Result =  new RedirectResult("../Account/Login");
    }
  }
}

回答1:

Apparently the problem seemes solved by removing the

[Acceptverbs(HttpVerbs.Post)]

attribute on my Account controller's Login method.

This way we don't even have to override the AuthorizeAttribute

:)



回答2:

I found a solution in Microsoft.WebPages.PreApplicationStartCode.SetupFormsAuthentication()

One need only add an appSetting named "loginUrl" to specify the login action:

<add key="loginUrl" value="~/Account/LogOn"/>