重定向到另一个页面时用户没有在asp.net MVC3授权 [英] Redirect to another page when user is not authorized in asp.net mvc3

问题描述

我读过

<一个href=\"http://stackoverflow.com/questions/6770563/how-to-easily-redirect-if-not-authenticated-in-mvc-3\">How如果MVC 3未通过身份验证可以轻松地重定向？并
<一href=\"http://stackoverflow.com/questions/6329524/redirect-to-accessdenied-page-when-user-is-not-authorized\">Redirect到存取遭拒页面时的用户无权的而是从一个答案（装置的链接<一href=\"http://wekeroad.com/2008/03/12/aspnet-mvc-securing-your-controller-actions/\">http://wekeroad.com/2008/03/12/aspnet-mvc-securing-your-controller-actions/)不工作。

How to easily redirect if not authenticated in MVC 3? and Redirect to AccessDenied page when user is not authorized but the link from an answer (means http://wekeroad.com/2008/03/12/aspnet-mvc-securing-your-controller-actions/) doesn't work.

我把

[Authorize(Users = "test")]
    public class RestrictedPageController: Controller
    {

        public ActionResult Index()
        {
           return View();
        }

 ....
    }

和在我的web.config，我已经

And in my web.config, I have already

 <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
 </authentication>

与相应的 http://stackoverflow.com/a/6770583/998696

但是，当我要访问 / RestrictedPage /指数，它必须我重定向到其他页面（从其他控制器）。取而代之的是，将出现错误，如：

But when I want to access /RestrictedPage/Index, it must redirect me to other page (from other controller). Instead of this, the error appears like:

Server Error in '/Project' Application.

The view 'LogOn' or its master was not found or no view engine supports the searched locations. The following locations were searched:
~/Views/Account/LogOn.aspx
~/Views/Account/LogOn.ascx
~/Views/Shared/LogOn.aspx
~/Views/Shared/LogOn.ascx
~/Views/Account/LogOn.cshtml
~/Views/Account/LogOn.vbhtml
~/Views/Shared/LogOn.cshtml
~/Views/Shared/LogOn.vbhtml

登陆之前，登录页面的表单显示正确，但访问 / RestrictedPage /指数页时，会出现上述错误。我可以授权访问用户不同的一个登录 RestrictedPage 页

Before login, the Logon page form appears correctly but the above error appears when accessing /RestrictedPage/Index page. I can login with user different one authorized to access RestrictedPage page.

哪里是我的错误，以及如何设置重定向？

Where is my mistake and how setup redirection ?

推荐答案

默认授权属性表现在这样一种方式，当用户的未通过身份验证或验证，但无权的然后将其设置状态code作为 401 。当过滤器设置状态code作为 401 ASP.NET框架检查，如果网站已启用表单认证，如果是然后重定向到 loginUrl 参数设置那里。

The default Authorize attribute behaves in such a way that when the user is not authenticated or authenticated but not authorized then it set the status code as 401 (UnAuthorized). When the filter sets the status code as 401 the ASP.NET framework checks if the website has forms authentication enabled and if it is then redirects to loginUrl parameter set up there.

如果你想改变这种行为说你想，如果用户进行身份验证将用户重定向到一个存取遭拒控制器，但没有授权，那么你必须延长授权属性，并覆盖 HandleUnauthorizedRequest 方法。

If you want to change that behavior say you want to redirect the user to an AccessDenied controller if the user is authenticated but not authorized then you have to extend the Authorize attribute and override the HandleUnauthorizedRequest method.

有关前。

public class CustomAuthorize: AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new HttpUnauthorizedResult();
        }
        else
        {
           filterContext.Result = new RedirectToRouteResult(new 
               RouteValueDictionary(new { controller = "AccessDenied" }));
        }
    }
}

您可以覆盖 HandleUnauthorizedRequest 根据自己的需要，然后你必须标记控制器的操作来使用 CustomAuthorize 属性而不是内置于一体。

You can override the HandleUnauthorizedRequest as per your need and then you have to mark the controller actions to use the CustomAuthorize attribute instead of the built-in one.

这篇关于重定向到另一个页面时用户没有在asp.net MVC3授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！