ASP.Net MVC授权行动过滤器 [英] ASP.Net MVC Authorisation action filter

问题描述

我试图理解错误处理在MVC preVIEW 4使用授权[授权]操作过滤器时，是如何工作的。

I'm trying to understand how error handling works when using the Authorize [Authorize] Action Filter in MVC Preview 4.

我有一个看起来像这样的动作：

I have an action that looks like this:

[Authorize(Roles = "DOMAIN\\NOTAUTHORISED_ROLE" )]
[HandleError]
public ActionResult NeedAuthorisation()
{
    throw new NotImplementedException();
}

在我访问的网址：的http：//本地主机：2197 / testAuthorisation / NeedAuthorisation ，我得到了我的浏览器中的空白页。在Firebug我可以看到有人要求和 401的响应状态 - 未经授权已返回。但我不会被重定向或有customError返回。使用我授权的角色时一切正常。

When I visit the url: http://localhost:2197/testAuthorisation/NeedAuthorisation, I get a blank page in my browser. In Firebug I can see that a request was made and a response-status of 401 - Unauthorised has been returned. But I'm not being redirected or having a customError returned. Everything works as expected when using a role that I'm authorized for.

这是使用Windows身份验证。我在写一些code尝试Forms身份验证，看看我得到了同样的问题的中间。
我有＆LT;的customErrors模式=ON/方式＆gt; 设置并创建了错误页面，无论是在testAuthorisation文件夹和共享文件夹

This is using Windows authentication. I'm in the middle of writing some code to try out Forms authentication to see if I get the same issue. I have <customerrors mode="On"/> set and have created error pages, both in the testAuthorisation folder and the Shared folder.

推荐答案

我最终发现的这解决了我的问题，这MVC教程：

当您尝试调用一个控制器动作究竟发生了什么
  而不正确的权限取决于类型
  认证功能。默认情况下，使用ASP.NET开发时
  服务器，你只要得到一个空白页。该页面送达401不
  授权HTTP响应状态。

Exactly what happens when you attempt to invoke a controller action without being the right permissions depends on the type of authentication enabled. By default, when using the ASP.NET Development Server, you simply get a blank page. The page is served with a 401 Not Authorized HTTP Response Status.

这篇关于ASP.Net MVC授权行动过滤器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！