ASP.NET MVC:Response.Redirect(url,TRUE)不会停止请求处理

时间:2022-12-04 18:31:47

I have a method decorated with two custom ActionFilterAttribute.

我有一个用两个自定义ActionFilterAttribute修饰的方法。

[RequiresAuthentication(Order = 1)]
[ToonAction(Order = 2)]
public ActionResult Browse(...

RequiresAuthentication attribute is coming from this article

RequiresAuthentication属性来自本文

Inside RequiresAuthentication, on it's OnActionExecuting I do:

在RequiresAuthentication内部,OnActionExecuting我做:

 filterContext.HttpContext.Response.Redirect(loginUrl, true);

The line is get executed, and the arguments are all as expected. The problem is that after executing the line above, I get next attribute (ActionFilterAttribute) executed, as if redirect didn't work, it just continues executing the request, instead of simply redirecting browser.

该行被执行,参数全部按预期执行。问题是在执行上面的行后,我得到了下一个属性(ActionFilterAttribute),好像重定向不起作用,它只是继续执行请求,而不是简单地重定向浏览器。

Question: what else do I need to do to make the request handler

问题:我还需要做什么来制作请求处理程序

This is a complete method:

这是一个完整的方法:

    public override void OnActionExecuting(ActionExecutingContext filterContext) {
        //redirect if not authenticated
        var identity = filterContext.HttpContext.User.Identity;
        if (!identity.IsAuthenticated) {
            //use the current url for the redirect
            string redirectOnSuccess = filterContext.HttpContext.Request.Url.PathAndQuery;

            //send them off to the login page
            string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
            string loginUrl = FormsAuthentication.LoginUrl + redirectUrl;
            filterContext.HttpContext.Response.Redirect(loginUrl, true);
            // filterContext.Result = new HttpUnauthorizedResult();
            // filterContext.HttpContext.Response.StatusCode = 0x191;
        }
    }

4 个解决方案

#1


26  

You want to set the Result on the filterContext to a RedirectResult, not do a redirect on the response.

您希望将filterContext上的Result设置为RedirectResult,而不是对响应进行重定向。

 filterContext.Result = new RedirectResult { Url = loginUrl };

EDIT: As @Hunter Daley suggests a better mechanism would be to use the AuthorizeAttribute instead if it works for you. If you do have authentication/authorization scenarios that the AuthorizeAttribute doesn't work for, it would probably be better to derive your custom attribute from it instead of the more generic ActionFilterAttribute. In any event, the correct technique is to set the Result rather than interact with the Response directly. You might want to look at the actual AuthorizeAttribute source at http://www.codeplex.com/aspnet for ideas.

编辑:正如@Hunter Daley建议的更好的机制是使用AuthorizeAttribute,如果它适合你。如果您确实具有AuthorizeAttribute不起作用的身份验证/授权方案,那么从它派生自定义属性可能更好,而不是更通用的ActionFilterAttribute。无论如何,正确的技术是设置结果而不是直接与Response交互。您可能需要查看http://www.codeplex.com/aspnet上的实际AuthorizeAttribute源以获取相关信息。

I've got a sample of custom authorization code on my blog, http://farm-fresh-code.blogspot.com, too.

我的博客http://farm-fresh-code.blogspot.com上也有自定义授权代码示例。

#2


2  

try adding the [Authorize] attribute to your Action methods instead

尝试将[Authorize]属性添加到Action方法中

#3


2  

Add

filterContext.HttpContext.Response.Clear();

at first and this at End :

起初和结束时:

filterContext.HttpContext.Response.End();

Hope this helps.

希望这可以帮助。

#4


0  

you can use return RedirectToAction("Index", "Home/Login", new {area = "", returnURL = Request.Url.AbsolutePath}); to stop the current processing, redirect to the desired (login) page and quit the action. the area route property is needed to get out of the current area if you are in any.

你可以使用return RedirectToAction(“Index”,“Home / Login”,new {area =“”,returnURL = Request.Url.AbsolutePath});停止当前处理,重定向到所需(登录)页面并退出操作。如果您在任何区域,则需要区域路线属性才能离开当前区域。

#1


26  

You want to set the Result on the filterContext to a RedirectResult, not do a redirect on the response.

您希望将filterContext上的Result设置为RedirectResult,而不是对响应进行重定向。

 filterContext.Result = new RedirectResult { Url = loginUrl };

EDIT: As @Hunter Daley suggests a better mechanism would be to use the AuthorizeAttribute instead if it works for you. If you do have authentication/authorization scenarios that the AuthorizeAttribute doesn't work for, it would probably be better to derive your custom attribute from it instead of the more generic ActionFilterAttribute. In any event, the correct technique is to set the Result rather than interact with the Response directly. You might want to look at the actual AuthorizeAttribute source at http://www.codeplex.com/aspnet for ideas.

编辑:正如@Hunter Daley建议的更好的机制是使用AuthorizeAttribute,如果它适合你。如果您确实具有AuthorizeAttribute不起作用的身份验证/授权方案,那么从它派生自定义属性可能更好,而不是更通用的ActionFilterAttribute。无论如何,正确的技术是设置结果而不是直接与Response交互。您可能需要查看http://www.codeplex.com/aspnet上的实际AuthorizeAttribute源以获取相关信息。

I've got a sample of custom authorization code on my blog, http://farm-fresh-code.blogspot.com, too.

我的博客http://farm-fresh-code.blogspot.com上也有自定义授权代码示例。

#2


2  

try adding the [Authorize] attribute to your Action methods instead

尝试将[Authorize]属性添加到Action方法中

#3


2  

Add

filterContext.HttpContext.Response.Clear();

at first and this at End :

起初和结束时:

filterContext.HttpContext.Response.End();

Hope this helps.

希望这可以帮助。

#4


0  

you can use return RedirectToAction("Index", "Home/Login", new {area = "", returnURL = Request.Url.AbsolutePath}); to stop the current processing, redirect to the desired (login) page and quit the action. the area route property is needed to get out of the current area if you are in any.

你可以使用return RedirectToAction(“Index”,“Home / Login”,new {area =“”,returnURL = Request.Url.AbsolutePath});停止当前处理,重定向到所需(登录)页面并退出操作。如果您在任何区域,则需要区域路线属性才能离开当前区域。