开发者

MVC RoleProvider and Authorize attribute

问答 作者:

I have implemented my own role provider, and I'm not using the default one. It works to the point that it can tell when someone should or should not be able to view a page.

However, can it do the following:

  1. If a user is not logged in, redirect to my login page
  2. If a user IS logged in but does not have the correct role, redirect to a different page

I haven't figured out how to do this with the Authorize attribute, all I have is:

[Authorize(Roles="Admin")]

Basically I need to redirect to a different page based on what part of the authorization fails.

I've looked to see if it were 开发者_开发百科something in web.config but nothing obvious jumps out.

VoodooChild answered #1.

For #2 -

What you can do is check if the user is logged on the login page and display a different message or an entirely different page (or even do a redirect to a different action).

Alternatively you can create your own authorization attribute. This will require that you use this attribute everywhere instead of the default AuthorizeAttribute

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated)
        {
            filterContext.Result = new RedirectToRouteResult(
                               new RouteValueDictionary 
                               {
                                   { "action", "ActionName" },
                                   { "controller", "ControllerName" }
                               });
        }
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

Update:

Just thought of another method. When a redirect is done to login page from a different page, a querystring ReturnUrl is also passed. So you can also check if it contains something AND the user is authenticated, chances are the user didn't have permission to view that page.

Off the top of my head, if you are using FormsAuthentication then to answer your first question - yes If the user is not Authenticated or logged in then it can be redirected to the log on page:

Make sure you have this in web.config file (not sure if you need anything beside this, will look into it..)

<authentication mode="Forms">
  <forms loginUrl="~/AccountController/LogOn" timeout="2880" />
</authentication>

To answer your second question: "If a user IS logged in but does not have the correct role, redirect to a different page"

The way we did this was, we used the System.Web.Security.Roles.GetRolesForUser(username); method to get the Roles and based on this we redirected the user to the correct view, after login.

Hope this helps!

继续阅读:asp.net-mvc-2

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9