AuthorizeFilter失败时如何返回403而不是重定向到拒绝访问 [英] How to return 403 instead of redirect to access denied when AuthorizeFilter fails
本文介绍了AuthorizeFilter失败时如何返回403而不是重定向到拒绝访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在Startup.ConfigureServices()中,我这样配置授权过滤器:
In Startup.ConfigureServices() I configure authorization filter like this:
services.AddMvc(options =>
{
options.Filters.Add(new AuthorizeFilter(myAuthorizationPolicy));
})
并且我使用基于配置的cookie身份验证或AAD身份验证:
and I use either cookie authentication or AAD authentication based on config:
if (useCookieAuth)
{
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
}
else
{
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("Authentication:AzureAd", options));
}
现在,当我访问页面并且myAuthorizationPolicy失败时,我被重定向到"Account/AccessDenied?ReturnUrl =%2F",但是我想返回403.
Now, when I visit a page and myAuthorizationPolicy fails, I'm redirected to "Account/AccessDenied?ReturnUrl=%2F", but I want to return 403 instead.
推荐答案
似乎您必须重写OnRedirectToAccessDenied
It seems that you have to override the OnRedirectToAccessDenied
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options => {
options.Events.OnRedirectToAccessDenied = context => {
context.Response.StatusCode = 403;
return Task.CompletedTask;
};
});
这篇关于AuthorizeFilter失败时如何返回403而不是重定向到拒绝访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
