MVC Authorization - multiple login pages

2020-07-07 11:09发布

站内问答 / 移动开发
1534 3 4

I have a the following methods in an MVC Controller which redirect to the login page when a user is not logged in.

[Authorize]
public ActionResult Search() {
  return View();
}

[Authorize]
public ActionResult Edit() {
  return View();
}

Is there a quick/easy/standard way to redirect the second action to a different login page other than the page defined in the web.config file?

Or do I have to do something like

public ActionResult Edit() {
  if (IsUserLoggedIn)
    return View();
  else 
     return ReturnRedirect("/Login2");
}

标签: asp.net-mvc
举报
3条回答
【Aperson】
2楼-- · 2020-07-07 11:22

I think it is possible by creating a custom authorization filter: 

public class CustomAuthorization : AuthorizeAttribute
{
    public string LoginPage { get; set; }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.HttpContext.Response.Redirect(LoginPage);
        }
        base.OnAuthorization(filterContext);
    }
}

In your action: 

[CustomAuthorization(LoginPage="~/Home/Login1")]
public ActionResult Search() 
{
  return View();
}

[CustomAuthorization(LoginPage="~/Home/Login2")]
public ActionResult Edit() 
{
  return View();
}
查看更多
0人赞 添加讨论(0) 举报
疯言疯语
3楼-- · 2020-07-07 11:40

Web.config based forms authentication does not have such a functionality built-in (this applies to both WinForms and MVC). You have to handle it yourself (either through an HttpModule or ActionFilter, the method you mentioned or any other method)

查看更多
0人赞 添加讨论(0) 举报
地球回转人心会变
4楼-- · 2020-07-07 11:45

I implemented the accepted answer by user434917 and even though I was being redirected correctly, I was also receiving the error "Server cannot set status after HTTP headers have been sent." in the server log. After searching, I found this post (answer by Mattias Jakobsson) that solved the problem. I combined the answers to get this solution.

Create a custom authorization filter:

using System.Web.Mvc;
using System.Web.Routing;

namespace SomeNamespace.CustomFilters
{
    public class CustomAuthorization : AuthorizeAttribute
    {
        public string ActionValue { get; set; }
        public string AreaValue { get; set; }
        public string ControllerValue { get; set; }

        public override void OnAuthorization(AuthorizationContext context)
        {
            base.OnAuthorization(context);

            if (context.HttpContext.User.Identity.IsAuthenticated == false)
            {
                var routeValues = new RouteValueDictionary();
                routeValues["area"] = AreaValue;
                routeValues["controller"] = ControllerValue;
                routeValues["action"] = ActionValue;
                context.Result = new System.Web.Mvc.RedirectToRouteResult(routeValues);
            }
        }
    }
}

Then on your controller, use the customer attribute.

[CustomAuthorization(ActionValue = "actionName", AreaValue = "areaName", ControllerValue = "controllerName")]
public class SomeControllerController : Controller
{
    //DO WHATEVER
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)