ASP MVC 5登录用户仍然可以访问登录页面和注册页面吗? [英] ASP MVC 5 Logged in User can still access Login and Registration Pages?
问题描述
我有一个ASP MVC 5应用程序,并且我注意到登录的用户仍然可以访问注册和登录页面.我还注意到,当登录用户尝试访问未经授权的控制器操作时,他们将被重定向到登录页面.这令人困惑,因为用户已经登录.
I have an ASP MVC 5 application and I've noticed that logged in user can still access the registration and login pages. I've also noticed that when a logged in user tries to access a controller action to which they are not authorized, they are redirected to the login page. This is confusing because the user is already logged in.
如何解决此问题,以便未经授权的情况下重定向到其他401错误页面或视图.
How do I fix this so that unauthorised redirects to some other 401 error page or view.
推荐答案
在注册/登录页面上,您可以重定向登录的用户:
On registration/login page, you can redirect logged users :
// GET: /Account/Login
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
if (User.Identity.IsAuthenticated)
{
return RedirectToAction("Index", "Account");
}
// ...
}
如果使用角色,则可以覆盖AuthorizeAttribute
And if you use role, you can override the AuthorizeAttribute
[AuthorizeRole(Roles="Admin")]
public ActionResult Admin()
{
//...
}
AuthorizeRoleAttribute.cs
覆盖 HandleUnauthorizedRequest
AuthorizeRoleAttribute.cs
Override HandleUnauthorizedRequest
public class AuthorizeRoleAttribute : AuthorizeAttribute
{
public override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.User.Identity.IsAuthenticated
// Check if user is in roles
&& Roles.Split(',').Any(filterContext.HttpContext.User.IsInRole))
{
// Not in any role change view
filterContext.Result = new ViewResult
{
ViewName = "~/Views/Shared/UnauthorizedRole.cshtml"
};
}
else{
base.HandleUnauthorizedRequest(filterContext);
}
}
}
这篇关于ASP MVC 5登录用户仍然可以访问登录页面和注册页面吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!