ASP.Net MVC 3 Redirect UnAuthorized User not to lo

2019-01-31 09:43发布

站内问答 / 前端开发
825 6 5

i have a project using ASP.Net MVC3 and using membership for roles. i use authorize in every controller. eg:

[Authorize(Roles = "Administrator")]
    public ActionResult Index(string q, int i)
    {
      return View(model);
    }

if someone doesnt have role for administrator, then it will redirect to login page by default. how to change it,so it will redirect into Views/Shared/UnAuthorize.cshtml ? or maybe if someone doesnt have role for administrator, it will show message box (alert) ?

thanks in advance.

6条回答
做个烂人
2楼-- · 2019-01-31 09:49

i solved my problem. i only do this :

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

public class MyAuthorize : AuthorizeAttribute
{
   protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
   {
     //you can change to any controller or html page.
     filterContext.Result = new RedirectResult("/cpanel/roles/unauthorize");

   }
 }

and apply MyAuthorize to class or action:

[MyAuthorize]
public class AdminController :Controller
{
}

thats it.

查看更多
0人赞 添加讨论(0) 举报
迷人小祖宗
3楼-- · 2019-01-31 09:53

I use this method and it is very easy to implement.

Securing Asp.net MVC3

Change your default route to logon page in global.asax

查看更多
0人赞 添加讨论(0) 举报
Lonely孤独者°
4楼-- · 2019-01-31 09:56

My own version, based on ntep vodka's:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if(IsUserAuthenticated(filterContext.HttpContext)) 
        {
            filterContext.Result = new RedirectResult("/Account/InvalidRole");
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }

    private bool IsUserAuthenticated(HttpContextBase context)
    {
        return context.User != null && context.User.Identity != null && context.User.Identity.IsAuthenticated;
    }
}

This way I get standard redirect to login page for not authenticated users, and custom redirect for users that are authenticated but don't have the appropriate role for the action.

查看更多
0人赞 添加讨论(0) 举报
我欲成王,谁敢阻挡
5楼-- · 2019-01-31 09:59

Just change the page that have to be shown in the web.config (check that the route exists)

<authentication mode="Forms">
  <forms loginUrl="~/UnAuthorize" timeout="2880" />
</authentication>

If you, instead, want to redirect to a specific path for every roles you can extend the AuthorizeAttribute with your own. Something like this (not tested, I write this to give you an idea)

public class CheckAuthorize : ActionFilterAttribute
{
  public Roles[] Roles { get; set; }
  public override void OnActionExecuting(ActionExecutingContext filterContext)
  {
    //Your code to get the user
    var user = ((ControllerBase)filterContext.Controller).GetUser();

    if (user != null)
    {
      foreach (Role role in Roles)
      {
        if (role == user.Role)
          return;
      }
    }      
    RouteValueDictionary redirectTargetDictionary = new RouteValueDictionary();
    if user.Role==Role.Administrator
    {
      redirectTargetDictionary.Add("action", "Unauthorized");
      redirectTargetDictionary.Add("controller", "Home");
    }
    else
    {
      redirectTargetDictionary.Add("action", "Logon");
      redirectTargetDictionary.Add("controller", "Home");
    }
    filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary);
  }
}
查看更多
0人赞 添加讨论(0) 举报
看我几分像从前
6楼-- · 2019-01-31 10:04

The code below helped and here is the reference in stackoverflow ASP.NET MVC 4 custom Authorize attribute - How to redirect unauthorized users to error page?

public class CustomAuthorize: AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if(!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
        else
        {
            filterContext.Result = new RedirectToRouteResult(new
            RouteValueDictionary(new{ controller = "Error", action = "AccessDenied" }));
        }
    }
}
查看更多
0人赞 添加讨论(0) 举报
三岁会撩人
7楼-- · 2019-01-31 10:06

Well, you can inherit from AuthorizeAttribute and override HandleUnauthorizedRequest which is responsible for redirection of unauhorized/unauthenticated requests. i think this question will be helpful to you

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)