如果会员用户尝试访问特定文件夹并且角色现在允许,系统将重定向到/ Account / Index并再次请求登录和密码。
我想更改该行为,因为用户已经登录,我只想重定向到另一个/控制器/操作。
我能从这里得到一些帮助吗? 提前谢谢。
答案 0 :(得分:0)
我在所有的Web应用程序中都做了类似的事情。如果用户已经过身份验证,但不满足查看页面的安全要求,则会抛出HTTP 403异常,然后显示403异常的特定视图。
这是我的自定义授权属性的代码段:
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
if (filterContext.HttpContext.Request.IsAuthenticated) {
//If the user is authenticated, but not authorized to view the requested page (i.e. not a member of the correct group), return an HTTP 403 exception.
throw new HttpException(403, string.Format("The user {0} was not authorized to view the following page: {1}", filterContext.HttpContext.User.Identity.Name, filterContext.HttpContext.Request.Url));
} else {
base.HandleUnauthorizedRequest(filterContext);
}
}
以下是我的Global.asax的片段,其中我实际执行了视图响应(这假定存在ErrorController,然后是名为Error403的视图:
protected void Application_Error() {
var exception = Server.GetLastError();
var httpException = exception as HttpException;
Response.Clear();
Server.ClearError();
var routeData = new RouteData();
routeData.Values["controller"] = "Error";
routeData.Values["action"] = "Error500";
Response.StatusCode = 500;
Response.TrySkipIisCustomErrors = true;
if (httpException != null) {
Response.StatusCode = httpException.GetHttpCode();
switch (Response.StatusCode) {
case 403:
routeData.Values["action"] = "Error403";
break;
case 404:
routeData.Values["action"] = "Error404";
routeData.Values["message"] = httpException.Message;
break;
case 500:
routeData.Values["action"] = "Error500";
break;
}
}
IController errorsController = new ErrorController();
var rc = new RequestContext(new HttpContextWrapper(Context), routeData);
errorsController.Execute(rc);
}