Authorize attribute for ajax requests in asp.net MVC 4

Time: 2022-11-04 04:15:22

I have an action method and am posting to it using ajax like this:

    $.ajax({
        url: "/GetSearchCriteria",
        type: "GET",   // this is a must
        cache: false,  // this is for IE
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        data: {
            VehicleId: vehicleId
        }
    }).done(function (data) {
        debugger;
        $('#myModal').modal('show');
    });

I have defined the action method like this:

    [AjaxAuthorize]
    [GET("GetSearchCriteria")]
    public ActionResult GetSearchCriteria(VehicleSearchModel model)
    {
        return Json(model, JsonRequestBehavior.AllowGet);
    }

and the authorize method for ajax requests like this:

    using System.Web.Mvc;

    public class AjaxAuthorizeAttribute : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext context)
        {
            if (context.HttpContext.Request.IsAjaxRequest())
            {
                // Ajax callers get a 403 with a JSON body instead of the default redirect.
                var urlHelper = new UrlHelper(context.RequestContext);
                context.HttpContext.Response.StatusCode = 403;
                context.Result = new JsonResult
                {
                    Data = new
                    {
                        Error = "NotAuthorized",
                        LogOnUrl = "/Login" //urlHelper.Action("LogOn", "Account")
                    },
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
            }
            else
            {
                base.HandleUnauthorizedRequest(context);
            }
        }
    }

and then this JavaScript code:

    $(function () {
        $(document).ajaxError(function (e, xhr) {
            debugger;
            if (xhr.status == 403) {
                var response = $.parseJSON(xhr.responseText);
                window.location = response.LogOnUrl;
            }
        });
    });

1. I see that most of the time this authorize attribute is not hit.
2. Even if it is hit, the user is redirected to the login page, but no return URL is appended to the URL.
3. Any user can log in (even if he is not authorized to log in). I want only users with the Customer role to log in; otherwise they should be redirected to a not-authorized page.

Please suggest how to do it.


2 answers

#1


0  

Please make sure you don't have a regular [Authorize] attribute on the Controller level.


Because if so, your custom [AjaxAuthorize] won't be hit.


#2


-1  

Add AttributeUsage to your class:


[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class,
                AllowMultiple = false, Inherited = true)]
public class AjaxAuthorizeAttribute : AuthorizeAttribute { ... }
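
An added example, not part of the original posts: one way to cover points 2 and 3 of the question, answering 401 with a login URL that carries a return URL when the caller is not signed in, and 403 when a signed-in user lacks the required role. It assumes .NET 4.5 (for `SuppressFormsAuthenticationRedirect`) and forms authentication; the `/NotAuthorized` route and the `RedirectUrl` property name are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Added example, not the asker's code. Apply as [AjaxAuthorize(Roles = "Customer")].
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
public class AjaxAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext context)
    {
        var http = context.HttpContext;
        if (!http.Request.IsAjaxRequest())
        {
            // Non-ajax requests keep the default behaviour (401, which forms auth turns into a login redirect).
            base.HandleUnauthorizedRequest(context);
            return;
        }

        bool signedIn = http.User != null && http.User.Identity.IsAuthenticated;

        // For an ajax call, the page to return to is the one that issued it, not the JSON endpoint.
        // Only a same-host referrer is accepted, and only its path and query are kept.
        Uri referrer = http.Request.UrlReferrer;
        bool sameHost = referrer != null && http.Request.Url != null
            && string.Equals(referrer.Host, http.Request.Url.Host, StringComparison.OrdinalIgnoreCase);
        string returnUrl = sameHost ? referrer.PathAndQuery : "/";

        // 401 = not signed in (go to login); 403 = signed in but lacks the role (go to the not-authorized page).
        http.Response.StatusCode = signedIn ? 403 : 401;
        // Assumption: .NET 4.5. Stops forms authentication from rewriting the 401 into a 302 to the login page.
        http.Response.SuppressFormsAuthenticationRedirect = true;

        context.Result = new JsonResult
        {
            Data = new
            {
                Error = signedIn ? "Forbidden" : "NotAuthenticated",
                RedirectUrl = signedIn
                    ? "/NotAuthorized" // hypothetical route for the not-authorized page
                    : FormsAuthentication.LoginUrl + "?ReturnUrl=" + HttpUtility.UrlEncode(returnUrl)
            },
            JsonRequestBehavior = JsonRequestBehavior.AllowGet
        };
    }
}
```

The login action should still check `ReturnUrl` with `Url.IsLocalUrl` before redirecting. The `ajaxError` handler on the page would need to handle 401 as well as 403 and read `RedirectUrl`.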
