I'm trying to implement access denied error page on a new ASP.NET MVC 5 project with Individual User Accounts Authentication Mode. I add CustomAuthorize class that inherit from AuthorizeAttribute
我尝试在一个新的ASP中实现访问被拒绝的错误页面。NET MVC 5项目,具有个人用户账号认证模式。我添加了从AuthorizeAttribute继承的CustomAuthorize类
public class CustomAuthorize : AuthorizeAttribute
{
protected virtual CustomPrincipal CurrentUser
{
get { return HttpContext.Current.User as CustomPrincipal; }
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.IsAuthenticated)
{
if (!string.IsNullOrEmpty(Roles))
{
if (!CurrentUser.IsInRole(Roles))
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
//base.OnAuthorization(filterContext); // returns to login url
}
}
if (!string.IsNullOrEmpty(Users))
{
if (!Users.Contains(CurrentUser.UserName))
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
//base.OnAuthorization(filterContext); // returns to login url
}
}
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
base.HandleUnauthorizedRequest(filterContext);
}
else
{
filterContext.Result = new RedirectToRouteResult(new
RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
}
}
}
add ErrorController.cs
添加ErrorController.cs
public class ErrorController : Controller
{
public ActionResult AccessDenied()
{
return View();
}
}
and AccessDenied.cshtml view
和AccessDenied。cshtml视图
<h2>Access Denied</h2>
<p>You do not have access to view this page</p>
then applied in HomeController.cs
然后应用于HomeController.cs
[CustomAuthorize]
public class HomeController : Controller
but it always redirecting to login page. How to display the access denied page?
但它总是重定向到登录页面。如何显示拒绝访问页面?
1 个解决方案
#1
1
Create new mvc 5 project with Individual User Accounts, add your Error Controller, view and CustomAuthorize attribute class.
使用个人用户帐户创建新的mvc 5项目,添加您的错误控制器、视图和自定义属性类。
Then update home controller like below.
然后更新home controller,如下所示。
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[CustomAuthorize(Roles = "TestRole")]
public ActionResult About()
{
ViewBag.Message = "Your application description page.";
return View();
}
public ActionResult Contact()
{
ViewBag.Message = "Your contact page.";
return View();
}
}
Register and login, try to click on the About link you'll get redirected to access denied page as there is no user with role 'TestRole'
注册和登录,试着点击About链接你会被重定向到访问被拒绝的页面因为没有用户具有“TestRole”角色
#1
1
Create new mvc 5 project with Individual User Accounts, add your Error Controller, view and CustomAuthorize attribute class.
使用个人用户帐户创建新的mvc 5项目,添加您的错误控制器、视图和自定义属性类。
Then update home controller like below.
然后更新home controller,如下所示。
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[CustomAuthorize(Roles = "TestRole")]
public ActionResult About()
{
ViewBag.Message = "Your application description page.";
return View();
}
public ActionResult Contact()
{
ViewBag.Message = "Your contact page.";
return View();
}
}
Register and login, try to click on the About link you'll get redirected to access denied page as there is no user with role 'TestRole'
注册和登录,试着点击About链接你会被重定向到访问被拒绝的页面因为没有用户具有“TestRole”角色