自定义授权属性显示拒绝消息而不路由到控制器
Custom Authorize Attribute show denied message without routing to controller
在我的 ASP.NET 网络应用程序中,我使用 CustomAuthorizeAttribute
进行访问控制。所以正常的方法是如果用户角色不匹配,用户将重定向到控制器并显示拒绝访问页面。
有没有办法做到这一点,比如如果用户角色与授权不匹配,它不能在不路由到控制器的情况下在视图上显示消息或警报或其他内容吗?
这是模型。
public class RoleAuthorize: AuthorizeAttribute {
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
if (!filterContext.HttpContext.User.Identity.IsAuthenticated) {
filterContext.Result = new HttpUnauthorizedResult();
} else {
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new {
controller = "Account", action = "AccessDenied"
}));
}
}
}
控制器检查授权
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
[RoleAuthorize(Roles = "1")]
public ActionResult DeleteConfirmed(int id) {
M_Employee m_Employee = db.CreateEmployee.Find(id);
db.CreateEmployee.Remove(m_Employee);
db.SaveChanges();
return RedirectToAction("Index");
}
正在编辑
我试过这样做
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
if (!filterContext.HttpContext.User.Identity.IsAuthenticated) {
filterContext.Result = new HttpUnauthorizedResult();
} else {
System.Web.HttpContext.Current.Session["error"] = "You're not authorize for this action";
}
}
而我修改的页面为
< div class = "form-actions no-color" > @HttpContext.Current.Session["error"] < input type = "submit"
value = "Delete"
class = "btn btn-default" / > | @Html.ActionLink("Back to List", "Index") < /div>
但它不起作用。
你可以试试这个。
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (!HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Result = new HttpUnauthorizedResult();
}
else
{
filterContext.Controller.TempData.Add("RedirectReason", "You are not authorized to access this page.");
filterContext.Result = new RedirectResult("~/Error");
}
}
在我的 ASP.NET 网络应用程序中,我使用 CustomAuthorizeAttribute
进行访问控制。所以正常的方法是如果用户角色不匹配,用户将重定向到控制器并显示拒绝访问页面。
有没有办法做到这一点,比如如果用户角色与授权不匹配,它不能在不路由到控制器的情况下在视图上显示消息或警报或其他内容吗?
这是模型。
public class RoleAuthorize: AuthorizeAttribute {
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
if (!filterContext.HttpContext.User.Identity.IsAuthenticated) {
filterContext.Result = new HttpUnauthorizedResult();
} else {
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new {
controller = "Account", action = "AccessDenied"
}));
}
}
}
控制器检查授权
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
[RoleAuthorize(Roles = "1")]
public ActionResult DeleteConfirmed(int id) {
M_Employee m_Employee = db.CreateEmployee.Find(id);
db.CreateEmployee.Remove(m_Employee);
db.SaveChanges();
return RedirectToAction("Index");
}
正在编辑
我试过这样做
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
if (!filterContext.HttpContext.User.Identity.IsAuthenticated) {
filterContext.Result = new HttpUnauthorizedResult();
} else {
System.Web.HttpContext.Current.Session["error"] = "You're not authorize for this action";
}
}
而我修改的页面为
< div class = "form-actions no-color" > @HttpContext.Current.Session["error"] < input type = "submit"
value = "Delete"
class = "btn btn-default" / > | @Html.ActionLink("Back to List", "Index") < /div>
但它不起作用。
你可以试试这个。
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (!HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Result = new HttpUnauthorizedResult();
}
else
{
filterContext.Controller.TempData.Add("RedirectReason", "You are not authorized to access this page.");
filterContext.Result = new RedirectResult("~/Error");
}
}