ASP.NET MVC授权属性做了302重定向，当用户未授权 [英] ASP.NET MVC Authorize Attribute does a 302 redirect when the user is not authorized

问题描述

MSDN明确表示，它应该做401重定向，但我得到一个302重定向FF，这也是造成在AJAX请求问题，返回状态是200（从重定向的页​​面）。

MSDN explicitly says it should do 401 redirect, but I'm getting a 302 redirect on FF, and this is causing problems in AJAX requests as the returned status is 200 (from the redirected page).

<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx\">http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx

我发现别人用了同样的问题：
http://blog.nvise.com/?p=26

I've found someone else with the same problem: http://blog.nvise.com/?p=26

任何其他解决办法，除了他的？

Any other solution, besides his?

推荐答案

该授权属性的确实的返回一个HTTP 401未授权的响应。然而不幸的是，如果你启用了FormsAuthentication，401是由FormsAuthenticationModule，然后进行重定向到登录页面截获 - 然后返回一个HTTP 200（和登录页）回到您的Ajax请求

The Authorize attribute does return a Http 401 Unauthorized response. Unfortunately, however if you have FormsAuthentication enabled, the 401 is intercepted by the FormsAuthenticationModule which then performs a redirect to the login page - which then returns a Http 200 (and the login page) back to your ajax request.

最好的办法是写自己的授权属性，然后如果你得到一个未经身份验证的要求，这也是一个Ajax请求，返回不同的HTTP状态code - 说403 - 这不是由formsAuthenticationModule抓住，你可以在你的Ajax方法来抓。

The best alternative is to write your own authorization attribute, and then if you get an unauthenticated request that is also an Ajax request, return a different Http status code - say 403 - which is not caught by the formsAuthenticationModule and you can catch in your Ajax method.

这篇关于ASP.NET MVC授权属性做了302重定向，当用户未授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！