With ASP.NET membership, how can I show a 403?


Problem description

By default, ASP.NET's membership provider redirects to a loginUrl when a user is not authorized to access a protected page.

Is there a way to display a custom 403 error page without redirecting the user?

I'd like to avoid sending users to the login page and having the ReturnUrl query string in the address bar.

I'm using MVC (and the Authorize attribute) if anyone has any MVC-specific advice.

Thanks!

Recommended answer

I ended up just creating a custom Authorize class that returns my Forbidden view. It works perfectly.

    using System;
    using System.Web;
    using System.Web.Mvc;

    public class ForbiddenAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            if (AuthorizeCore(filterContext.HttpContext))
            {
                // ** IMPORTANT **
                // Since we're performing authorization at the action level, the authorization code runs
                // after the output caching module. In the worst case this could allow an authorized user
                // to cause the page to be cached, then an unauthorized user would later be served the
                // cached page. We work around this by telling proxies not to cache the sensitive page,
                // then we hook our custom authorization code into the caching mechanism so that we have
                // the final say on whether a page should be served from the cache.

                HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
                cachePolicy.SetProxyMaxAge(new TimeSpan(0));
                cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
            }
            else
            {
                // auth failed, display 403 page
                filterContext.HttpContext.Response.StatusCode = 403;
                ViewResult forbiddenView = new ViewResult();
                forbiddenView.ViewName = "Forbidden";
                filterContext.Result = forbiddenView;
            }
        }

        // Re-runs the authorization check when a cached copy of the page is about to be served.
        private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
        {
            validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
        }
    }
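
An alternative shape for the same attribute, added here as an example and not part of the original answer: overriding `HandleUnauthorizedRequest` (available in ASP.NET MVC 2 and later) leaves the base class's `OnAuthorization`, including its output-cache validation, untouched instead of copying it. The attribute name `ForbiddenViewAuthorizeAttribute`, the `ReportsController` and the `Admin` role are hypothetical; the `Forbidden` view name is taken from the answer above.

```csharp
using System.Web;
using System.Web.Mvc;

// Added example: same 403 behaviour, implemented through the framework's failure hook.
public class ForbiddenViewAuthorizeAttribute : AuthorizeAttribute
{
    // The base OnAuthorization calls this only when AuthorizeCore returns false.
    // The success path (proxy max-age and cache validation callback) is still
    // handled by the framework, so none of that logic has to be duplicated here.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        HttpResponseBase response = filterContext.HttpContext.Response;

        // 403 is not intercepted by forms authentication, so there is no
        // redirect to loginUrl and no ReturnUrl query string.
        response.StatusCode = 403;

        // Ask IIS not to replace the rendered view with its own error page.
        response.TrySkipIisCustomErrors = true;

        // Render the shared "Forbidden" view at the originally requested URL.
        filterContext.Result = new ViewResult { ViewName = "Forbidden" };
    }
}

// Hypothetical controller showing usage; Roles and Users filters work as with [Authorize].
public class ReportsController : Controller
{
    [ForbiddenViewAuthorize(Roles = "Admin")]
    public ActionResult Index()
    {
        return View();
    }
}
```

As with the answer's version, anonymous visitors also receive the 403 view rather than a login prompt, since every authorization failure goes through this method.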
