开发者

Continues to execute MVC-controller after FormsAuthentication.SignOut()

I save all session in the database. Lets imagine that this session was lost in the database, not in the cookies.

In OnAuthorization(AuthorizationContext filterContext) I retrieve user object from database base on the session id.

if (HttpContext.User.Identity.IsAuthenticated)
{
    //Gets user data from DB.
    var user = userRepos.GetUser(HttpContext.User.Identity.Name); 

        if (user != null)
        {
            CurrentUser = user;
            Thread.CurrentPrincipal = HttpContext.User = new DibPrincipal(user);
            return;
        }
        else
        {
            FormsAuthentication.SignOut();
            Session.Abandon();
            Response.Redirect(FormsAuthentication.LoginUrl, true);
        }
    }
}

Imagine that user called a controller GetDocuments, but he was redirected to FormsAuthentication.LoginUrl. It works, user is been redirected, but I get en exception which shows an error in GetDocument controller, because CurrentUser does not exist. So .net trying to call GetDocuments even after redirecting.

How to avoid this error?开发者_StackOverflow中文版

Thanks! :)


You should not redirect from your OnAuthorization function but rather set the Result parameter from the filterContext as such :

filterContext.Result == new RedirectToRouteResult(new RouteValueDictionary {
{
    "controller",
    "Utilisateurs"
},
{
    "action",
    "Connexion"
},
{
    "ReturnUrl",
    filterContext.HttpContext.Request.RawUrl
}
});
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜