Redirect to different pages under different conditions

Time: 2014-12-11 13:03:01

Tags: c# asp.net-mvc

In my ASP.NET MVC project, I have something like this

<authentication mode="Forms">
  <forms loginUrl="~/Site/NotAuthorize" timeout="2880" />
</authentication>

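If authorization fails, the user is redirected to this page. Is there a way to add some conditions, so that if the user is not logged in he is taken to one page, and if the user is logged in but does not have permission to access the page, he is taken to a different page?

This is how I authorize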

public class AuthorizeUser : AuthorizeAttribute
{
    public String UserRole { get; set; }
    public string OrganizationType { get; set; }
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
        {
            return false;
        }
        return CheckOrganizationType.checkRole(this.UserRole, this.OrganizationType, Auth.CurrentUser);
    }
}

1 answer:

Answer 0: (score: 1)

You should also override the OnAuthorization method to redirect the user to the right place.

using System;
using System.Web;
using System.Web.Mvc;

public class AuthorizeUser : AuthorizeAttribute
{
    public String UserRole { get; set; }
    public string OrganizationType { get; set; }

    // Set by AuthorizeCore, read by OnAuthorization.
    private bool _hasPermission;

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Authentication check from the base class.
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
        {
            return false;
        }

        // Authenticated: record the role check result; OnAuthorization picks the redirect.
        _hasPermission = CheckOrganizationType.checkRole(this.UserRole, this.OrganizationType, Auth.CurrentUser);
        return true;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (AuthorizeCore(filterContext.HttpContext))
        {
            // ** IMPORTANT **
            // Since we're performing authorization at the action level, the authorization code runs
            // after the output caching module. In the worst case this could allow an authorized user
            // to cause the page to be cached, then an unauthorized user would later be served the
            // cached page. We work around this by telling proxies not to cache the sensitive page,
            // then we hook our custom authorization code into the caching mechanism so that we have
            // the final say on whether a page should be served from the cache.

            HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
            cachePolicy.SetProxyMaxAge(new TimeSpan(0));
            cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);

            if (!_hasPermission)
            {
                // Logged in, but no permission for this page.
                filterContext.Result = new RedirectResult("/YourHasNoPermissionUrl");
            }
        }
        else
        {
            // Not logged in.
            filterContext.Result = new RedirectResult("/YourUnauthorizedUrl");
        }
    }

    private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
    {
        validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
    }
}
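
An added example, not part of the answer above or of the asker's project: the same two-way redirect done by overriding HandleUnauthorizedRequest, so that AuthorizeCore still returns false for a signed-in user without permission (the output-cache validation callback reuses AuthorizeCore) and the attribute holds no per-request field (MVC 3 and later may reuse filter instances across requests). CheckOrganizationType.checkRole and Auth.CurrentUser are the asker's helpers from the question and are not defined here; "~/YourHasNoPermissionUrl" is a placeholder path.

```csharp
using System.Web;
using System.Web.Mvc;

public class AuthorizeUser : AuthorizeAttribute
{
    public string UserRole { get; set; }
    public string OrganizationType { get; set; }

    // Assumption: placeholder, replace with the application's "no permission" page.
    private const string NoPermissionUrl = "~/YourHasNoPermissionUrl";

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Fail closed: false for "not logged in" and for "logged in, no permission".
        // The base OnCacheAuthorization calls this method too, so an output-cached
        // page is also refused to a signed-in user who fails the role check.
        // checkRole and Auth.CurrentUser are the asker's helpers (not defined here).
        return base.AuthorizeCore(httpContext)
            && CheckOrganizationType.checkRole(UserRole, OrganizationType, Auth.CurrentUser);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // The base OnAuthorization calls this only when AuthorizeCore returned false.
        // The decision is read from the current request, never from a field.
        var user = filterContext.HttpContext.User;
        bool loggedIn = user != null
            && user.Identity != null
            && user.Identity.IsAuthenticated;

        if (loggedIn)
        {
            // Authenticated but not permitted: send to the "no permission" page.
            filterContext.Result = new RedirectResult(NoPermissionUrl);
        }
        else
        {
            // Not authenticated: the base sets a 401 result, which Forms
            // authentication turns into a redirect to loginUrl from web.config.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}
```

With this variant the loginUrl in web.config points at the login page, and only the "no permission" destination is set in the attribute.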