重定向到存取遭拒页面时用户无权 [英] Redirect to AccessDenied page when user is not authorized

问题描述

我创建了我把我的控制器定制AuthorizationAttribute。我跟着这篇文章。我实现了自定义的授权逻辑在OnAuthorization方法，并能正常工作。当用户没有授权我目前做如下：

I have created a custom AuthorizationAttribute which I'm placing on my controllers. I followed this article. I've implemented custom authorization logic in the OnAuthorization method and this works fine. When the user fails authorization I'm currently doing the following:

// if authorization check fails...
filterContext.Result = new HttpUnauthorizedResult();

这将显示一个用户名/密码提示。

This displays a username/password prompt.

我的问题是什么是推荐的方式向用户发送一个访问被拒绝类型的页面时，他们失败的授权？

My question is what is the recommended way send the user to a "Access Is Denied" type page when they fail authorization?

我使用MVC3。

推荐答案

在我去直重定向结束：

public override void OnAuthorization(AuthorizationContext filterContext)
...
// if authorization check fails...
filterContext.Result = new RedirectResult(AccessDeniedPage);

编辑：罗布科纳有一个非常好的文章带的 ASP.NET MVC：保护您的控制器操作

Rob Conery has a very good article describing this in detail with ASP.NET MVC: Securing Your Controller Actions

这篇关于重定向到存取遭拒页面时用户无权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！