授权属性Ajax请求的asp.net MVC 4 [英] Authorize attribute for ajax requests in asp.net MVC 4

问题描述

我用ajax这样有一个操作方法，并张贴到它：

I have an action method and posting to it using ajax like this:

 $.ajax({
                    url: "/GetSearchCriteria",
                    type: "GET",  //these is must               
                    cache: false,  //these is for IE
                    contentType: "application/json; charset=utf-8",
                    dataType: "json",
                    data: {
                        VehicleId : vehicleId                      
                    },
                }).done(function (data) {
                        debugger;                  


                        $('#myModal').modal('show');                   

                });

像这样

我已经定义操作方法：

I have defined action method like this:

  [AjaxAuthorize]
        [GET("GetSearchCriteria")]
        public ActionResult GetSearchCriteria(VehicleSearchModel model)
        {

            return Json(model , JsonRequestBehavior.AllowGet);
        }

和授权的方法是这样的Ajax请求：

and Authorize method for ajax requests like this:

 public class AjaxAuthorizeAttribute : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext context)
        {
            if (context.HttpContext.Request.IsAjaxRequest())
            {
                var urlHelper = new UrlHelper(context.RequestContext);
                context.HttpContext.Response.StatusCode = 403;
                context.Result = new JsonResult
                {
                    Data = new
                    {
                        Error = "NotAuthorized",
                        LogOnUrl = "/Login" //urlHelper.Action("LogOn", "Account")
                    },
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
            }
            else
            {
                base.HandleUnauthorizedRequest(context);
            }
        }
    }

和那么这javacript code：

and then this javacript code:

  $(function () {
            $(document).ajaxError(function (e, xhr) {
                debugger;
                if (xhr.status == 403) {
                    var response = $.parseJSON(xhr.responseText);
                    window.location = response.LogOnUrl;
                }
            });
        });

1）。我看到大部分的时候这个授权属性没有击中。 2）。即使被击中，那么用户会被重定向到逻辑的页面，但没有返回URL追加到URL。 3）。任何用户都可以登录（即使他没有被授权登录。我只希望用户角色的用户登录其他明智的重定向到未经授权的页面。

1). I see that most of times this authorize attribute is not hit. 2). Even If it is hit, then user is redirected to logic page but no return url is appended to url. 3). Any user can login( even if he is not authorized to login. I want only users with Role Customer to login other wise to redirect them to not authorized page.

请建议如何做到这一点。

Please suggest how to do it.

推荐答案

请确保你没有规律 [授权] 在<$ C $属性C>控制器的水平。

Please make sure you don't have a regular [Authorize] attribute on the Controller level.

由于如果是这样，您的自定义 [AjaxAuthorize] 将不会被击中。

Because if so, your custom [AjaxAuthorize] won't be hit.

这篇关于授权属性Ajax请求的asp.net MVC 4的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！