ASP.NET MVC授权属性做了302重定向,当用户未授权 [英] ASP.NET MVC Authorize Attribute does a 302 redirect when the user is not authorized
问题描述
MSDN明确表示,它应该做401重定向,但我得到一个302重定向FF,这也是造成在AJAX请求问题,返回状态是200(从重定向的页面)。
MSDN explicitly says it should do 401 redirect, but I'm getting a 302 redirect on FF, and this is causing problems in AJAX requests as the returned status is 200 (from the redirected page).
<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx\">http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx
我发现别人用了同样的问题:
http://blog.nvise.com/?p=26
I've found someone else with the same problem: http://blog.nvise.com/?p=26
任何其他解决办法,除了他的?
Any other solution, besides his?
推荐答案
该授权属性的确实的返回一个HTTP 401未授权的响应。然而不幸的是,如果你启用了FormsAuthentication,401是由FormsAuthenticationModule,然后进行重定向到登录页面截获 - 然后返回一个HTTP 200(和登录页)回到您的Ajax请求
The Authorize attribute does return a Http 401 Unauthorized response. Unfortunately, however if you have FormsAuthentication enabled, the 401 is intercepted by the FormsAuthenticationModule which then performs a redirect to the login page - which then returns a Http 200 (and the login page) back to your ajax request.
最好的办法是写自己的授权属性,然后如果你得到一个未经身份验证的要求,这也是一个Ajax请求,返回不同的HTTP状态code - 说403 - 这不是由formsAuthenticationModule抓住,你可以在你的Ajax方法来抓。
The best alternative is to write your own authorization attribute, and then if you get an unauthenticated request that is also an Ajax request, return a different Http status code - say 403 - which is not caught by the formsAuthenticationModule and you can catch in your Ajax method.
这篇关于ASP.NET MVC授权属性做了302重定向,当用户未授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!