ASP MVC 5 Logged in User can still access Login an

Posted 2019-09-05 16:33

I have an ASP MVC 5 application and I've noticed that logged in user can still access the registration and login pages. I've also noticed that when a logged in user tries to access a controller action to which they are not authorized, they are redirected to the login page. This is confusing because the user is already logged in.

How do I fix this so that unauthorised redirects to some other 401 error page or view?

1 answer
爷的心禁止访问
#2 · 2019-09-05 17:28

On the registration/login page, you can redirect logged-in users:

// GET: /Account/Login
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
    if (User.Identity.IsAuthenticated)
    {
        return RedirectToAction("Index", "Account");
    }
    // ...
}

And if you use roles, you can override the AuthorizeAttribute:

[AuthorizeRole(Roles="Admin")]
public ActionResult Admin()
{
//...
}

AuthorizeRoleAttribute.cs
Edit: Override HandleUnauthorizedRequest

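using System.Linq;
using System.Web.Mvc;

public class AuthorizeRoleAttribute : AuthorizeAttribute
{
    // HandleUnauthorizedRequest is protected in AuthorizeAttribute, so the override must be protected too
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated
            // Logged in, but in none of the required roles
            && !Roles.Split(',').Any(r => filterContext.HttpContext.User.IsInRole(r.Trim())))
        {
            // Not in any role: change view instead of redirecting to the login page
            filterContext.Result = new ViewResult
            {
                ViewName = "~/Views/Shared/UnauthorizedRole.cshtml"
            };
        }
        else
        {
            // Not logged in: keep the default handling (redirect to the login page)
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}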
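
A variant that also sets the response status, as an added example that is not part of the original answer: a logged-in user who fails the role check gets HTTP 403 together with the view, so the denial is visible as a denial in access logs and to script clients, while anonymous users keep the default login redirect. The class name ForbiddenAwareAuthorizeAttribute is hypothetical; the view path is the one used in the answer.

```csharp
using System.Net;
using System.Web.Mvc;

// Added example (hypothetical class name), for an ASP.NET MVC 5 project.
public class ForbiddenAwareAuthorizeAttribute : AuthorizeAttribute
{
    // View path taken from the answer above; assumed to exist in the project.
    private const string ForbiddenView = "~/Views/Shared/UnauthorizedRole.cshtml";

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var http = filterContext.HttpContext;

        if (!http.User.Identity.IsAuthenticated)
        {
            // Anonymous caller: default 401 result, which cookie/forms
            // authentication turns into the redirect to the login page.
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // This method only runs after AuthorizeCore has rejected the request,
        // so an authenticated user here has already failed the Roles/Users check.
        if (http.Request.IsAjaxRequest())
        {
            // Script callers get a bare 403 instead of an HTML page.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            return;
        }

        // Render the friendly view, but with 403 rather than 200 so logs,
        // monitoring and clients see the request as refused.
        http.Response.StatusCode = (int)HttpStatusCode.Forbidden;
        // Keep IIS from replacing the view with its own 403 error page.
        http.Response.TrySkipIisCustomErrors = true;
        filterContext.Result = new ViewResult { ViewName = ForbiddenView };
    }
}
```

It is applied the same way as in the answer, for example `[ForbiddenAwareAuthorize(Roles = "Admin")]` on the action.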