开发者

How to check if user is authorized inside Action

问答 作者:

Usually I protect my Actions with [Authorize] but this time I need to check if a user is authorized inside the action.

Eg

if(userIsAuthorized) {
    //do stuff
}
else {
    //return to login page
}

I believe I am using 'Forms Authentication'

This question is kind of similar to this but none of the answers given seemed to work.

EDIT: I have done some more digging- it se开发者_如何学JAVAems if I breakpoint on an Action that has [Authorize], the User.Identity is set, but on Actions without it, the User.Identity is empty, even if I am logged in

If you just want to know if the user is logged in:

if (User.Identity.IsAuthenticated) { ... }

If you are trying to do anything role-specific:

if (User.IsInRole("Administrators")) { ... }

The User instance is a public property of the Controller class, so you always have access to it from a Controller you write. If no user is logged in you should have a GenericPrincipal for the User and a GenericIdentity for the User.Identity, so don't worry about checking for nulls.

Request.IsAuthenticated should work for what you're trying to do.

I suggest first figuring out what kind of Authorization your using. ;)

The answer you posted is correct. From what I remember poking around the [Authorize] attribute and related ActionFilter code MVC internally calls Page.User.Identity.IsAuthenticated just like those code examples.

Create an attribute like this: OnActionExecuting will get executed first before other code from the action

     public class IsAuthenticatedAttribute : ActionFilterAttribute
        {
            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {
               //do your validations here. and redirect to somewhere if needed. 
                filterContext.HttpContext.Response.Redirect("/") //this will send user to home.
            }
        }

on each action where you need to check, add attribute like this:

[IsAuthenticatedAttribute]
public ActionResult ActionName(parameters?)
{
     // no need to worry about checking here.
    //do you action things
}

EDIT: This one still completes the action and then only redirect it. Not so much useful.

Put annotation [Authorize] in every your Action. Microsoft link. Example:

public class AdministrationController : Controller
{
     // GET: User/Create
       [Authorize]
        public ActionResult Create()
        { 
     }
}

继续阅读:asp.net-mvcauthorizationforms-authentication

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9