身份验证后运行JavaScript，而不是重定向 [英] Run Javascript after authentication instead of redirecting

问题描述

短版：？什么是留在同一页面上收到一个ASP.NET AJAX成员身份验证响应之后，运行第二个AJAX调用的最好方法。

Short version: What's the best way to stay on the same page to run a second AJAX call after an AJAX ASP.NET Membership Authentication response is received?

长版：想象一下，建于ASP.NET MVC基于web的画图程序。用户描绘了一幅图片，在此期间，用户的会话超时。用户点击保存，并提示一个AJAX对话框，在您的会话超时，请在下面输入您的凭据。 （见 jQuery的窗体身份验证的ASP.NET MVC 怎么办AJAX验证。）输入有效凭据后，用户将重新进行身份验证。

Long version: Imagine a web-based Paint program built in ASP.NET MVC. The user paints a picture, during which time the user's session has timed out. The user hits "save" and is prompted with an AJAX dialog, "Your session has timed out. Please enter your credentials below." (See jQuery Forms Authentication with ASP.NET MVC for how to do AJAX authentication.) After entering valid credentials, the user is re-authenticated.

通常情况下，在这一点上，用户会被重定向到 RETURNURL ，是显而易见的，通过MVC的默认登录方法签名：

Typically, at this point, users are redirected to returnUrl, as is evident by MVC's default login method signature:

public ActionResult LogOn(LogOnModel model, string returnUrl)

然而，在这种情况下，我想留在同一页上，而是做一个AJAX调用我的处理程序， SaveArt（），这将写入用户的工作到数据库。我可以劫持 RETURNURL 有它包含随后的JavaScript函数的名称，我想打电话，但我能想到的唯一办法来执行它从客户端与可怕的评估，它根本不显得安全。有另一种方式，充分AJAXify这一进程？什么是使用的危险评估这里，运行，其名称由服务器返回？函数

However, in this case, I would like to stay on the same page and instead make an AJAX call to my handler, SaveArt(), which will write the user's work to the database. I could hijack returnUrl to have it contain the name of the subsequent Javascript function I'd like to call, but the only way I can think to execute it from the client is with the dreaded eval, which does not at all seem secure. Is there another way to fully AJAXify this process? What are the dangers of using eval here, to run a function whose name is returned by the server?

推荐答案

如果您使用的是一个Ajax请求做登录，您可以修改的AccountController它使用几个其他的Request.IsAjaxRequest（）（或一个检测方法），并返回一个JSON对象与登录请求而不是重定向的结果。从那里，你只需要处理的对象来显示结果。

If you are using an an Ajax request to do the login, you can modify the accountcontroller to detect it using Request.IsAjaxRequest() (or one of several other methods) and return a json object with the result of the login request instead of a redirect. From there you just need to handle that object to display the result.

- 修订后的答案 -

--Amended answer--

您需要做的是从Ajax调用检查响应code您继续之前，无论你想做的事.. jQuery的1.5的Ajax（）方法可以让你做到这一点：

What you need to do is check the responsecode from the ajax call before you continue on in whatever you wanted to do.. jQuery 1.5's ajax() method allows you to do this:

$.ajax({
  statusCode: {404: function() {
    alert('page not found');
  }
});

在你的情况下，只要你确实使用[授权]属性，你必须处理401状态code。有可能在那里你会显示你的登录对话框。当你实例化你的登录对话框通过在一个封闭调用SaveArt（）函数了。

In your case, provided you are indeed using the [Authorize] attribute, you have to handle the 401 status code. There is likely where you would show your login dialog. When you instantiate your login dialog pass in a closure that calls the SaveArt() function again.

希望这更有助于你。

这篇关于身份验证后运行JavaScript，而不是重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！