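Custom authorize attribute redirect when unauthorized

Time: 2013-04-21 02:31:21

Tags: c# asp.net-mvc-4 authorization forms-authentication

In my C# MVC4 application, I am performing a few different redirects to actions from inside a custom authorize attribute, depending on whether the user is logged in, in a certain role, and so on.

I have placed the authorize attribute above one of my action results. If the user is not logged in or not authenticated, or is logged in but not a member of either of the groups I check for, I want the code in the action result to be executed. If the user is logged in and is a member of either group, I want to redirect to another action (this is currently working).

With my current code, those that are logged in and within the specified groups are redirected as desired. Everything listed in the other categories causes my AuthorizationContext to be null. Knowing that HandleUnauthorizedRequest is called when this is null, I have attempted to override it to allow access to the original action result, but cannot figure it out.

No matter what I try, I receive the error "Object Reference not set to an instance of an object" on filterContext.Result = new RedirectToRouteResult(

My authorize attribute code is as follows: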

    using System.Collections.Generic;
    using System.Web.Mvc;
    using System.Web.Routing;

    public class AuthorizeEditAttribute : AuthorizeAttribute
    {
        public string hName { get; set; }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);

            // Check if user is authenticated and if this action requires authorization
            if (filterContext.HttpContext.User.Identity.IsAuthenticated
                && filterContext.ActionDescriptor.IsDefined(typeof(AuthorizeAttribute), true)
                || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AuthorizeAttribute), true))
            {
                List<object> attributes = new List<object>(filterContext.ActionDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true));
                attributes.AddRange(filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true));

                hName = filterContext.Controller.ValueProvider.GetValue("hSearch").AttemptedValue;

                // Check all authorization attributes
                foreach (var attribute in attributes)
                {
                    var authAttribute = attribute as AuthorizeAttribute;
                    if (authAttribute != null)
                    {
                        if ((filterContext.HttpContext.User.IsInRole("TCL-CAdmin")) || (filterContext.HttpContext.User.IsInRole("TCL-C Group")))
                        {
                            // User is not authorized to perform edits so redirect to Index_Perm ActionResult
                            filterContext.Result = new RedirectToRouteResult(
                                new RouteValueDictionary
                                {
                                    //{ "area", "" },
                                    { "controller", "Home" },
                                    { "action", "Index_Perm" },
                                    { "hSearch", hName.ToString() }
                                });
                            break;
                        }
                        else
                        {
                            filterContext.Result = new RedirectToRouteResult(
                                new RouteValueDictionary
                                {
                                    //{ "area", "" },
                                    { "controller", "Home" },
                                    { "action", "Index" },
                                    { "hSearch", hName.ToString() }
                                });
                            break;
                        }
                    }
                }
            }
            else
            {
                filterContext.Result = new RedirectToRouteResult(
                    new RouteValueDictionary
                    {
                        { "controller", "Home" },
                        { "action", "Index" },
                        { "hSearch", hName.ToString() }
                    });
            }
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    { "controller", "Home" },
                    { "action", "Index" },
                    { "hSearch", hName.ToString() }
                });
        }
    }

Instead of overriding HandleUnauthorizedRequest, I also tried modifying the beginning portion of OnAuthorization, as follows:

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);

        if (filterContext.Result is HttpUnauthorizedResult)
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    { "controller", "Home" },
                    { "action", "Index" },
                    { "hSearch", hName.ToString() }
                });
        }
        // ...

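I still receive the same warning about the object reference.

1 answer:

Answer 0: (score: 0)

The problem was caused by the route value "hSearch", which was being assigned the value of hName. hName was always null in each of my attempts because I wasn't setting its value until the line hName = filterContext.Controller.ValueProvider.GetValue("hSearch").AttemptedValue; which was never being hit.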
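
Added example, not part of the original question or answer: one way to get the behaviour the question describes without the null hName, using a hypothetical attribute name (RedirectEditorsAttribute). It reads "hSearch" into a local inside the method that builds the redirect and checks the ValueProviderResult for null; a local also avoids keeping per-request state on the attribute instance, which MVC may reuse across requests.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical name; added example, not the asker's class.
public class RedirectEditorsAttribute : AuthorizeAttribute
{
    // "Authorized" here means "may run the decorated action": everyone
    // except authenticated members of the two groups from the question.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        var user = httpContext.User;
        bool inGroup = user != null
            && user.Identity.IsAuthenticated
            && (user.IsInRole("TCL-CAdmin") || user.IsInRole("TCL-C Group"));
        return !inGroup;
    }

    // Called by base.OnAuthorization only when AuthorizeCore returned false,
    // i.e. for group members, who are sent to Index_Perm.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Read the value per request into a local. GetValue returns null when
        // the key is absent, so check before touching AttemptedValue.
        ValueProviderResult result =
            filterContext.Controller.ValueProvider.GetValue("hSearch");
        string hSearch = result != null ? result.AttemptedValue : null;

        var routeValues = new RouteValueDictionary
        {
            { "controller", "Home" },
            { "action", "Index_Perm" }
        };
        if (!string.IsNullOrEmpty(hSearch))
        {
            routeValues["hSearch"] = hSearch;
        }

        filterContext.Result = new RedirectToRouteResult(routeValues);
    }
}
```

Because OnAuthorization is not overridden, the base class still runs its own checks before calling these two methods, and every other caller falls through to the original action with filterContext.Result left unset.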