未授权用户时出现登录对话框

时间:2016-01-14 19:09:18

标签: c# angularjs web asp.net-web-api

为了尝试在我的网络应用中实施安全性,我创建了一个源自AuthorizeAttribute的属性。

public class FunctionalityAttribute : AuthorizeAttribute
{
    public string FunctionalityName { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        string adGroup = WebConfigurationManager.AppSettings[FunctionalityName];

        if (actionContext.RequestContext.Principal.IsInRole(adGroup)) { return true; }

        return false; // This causes a login dialog to appear. I don't want that.
    }
}

以下是我在Web API方法中的使用方法:

[Functionality(FunctionalityName = "GetApps")]
public IEnumerable<ApplicationDtoSlim> Get()
{
    using (var prestoWcf = new PrestoWcf<IApplicationService>())
    {
        return prestoWcf.Service.GetAllApplicationsSlim().OrderBy(x => x.Name);
    }
}

它确实有效。但问题是当我没有被授权时会发生什么:

enter image description here

我不希望这个对话框出现。我已经登录了。我想让用户知道他们没有被授权。如何进行登录对话框?

2 个答案:

答案 0 :(得分:0)

您还需要覆盖HandleUnauthorizedRequest 

  protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
  {
    System.Web.Routing.RouteValueDictionary rd = null;
    if (filterContext.HttpContext.User.Identity.IsAuthenticated)
    {
        //Redirect to Not Authorized
        rd = new System.Web.Routing.RouteValueDictionary(new { action = "NotAuthorized", controller = "Error", area = "" });
    }
    else
    {
        //Redirect to Login
        rd = new System.Web.Routing.RouteValueDictionary(new { action = "Login", controller = "Account", area = "" });
        //See if we need to include a ReturnUrl
        if (!string.IsNullOrEmpty(filterContext.HttpContext.Request.RawUrl) && filterContext.HttpContext.Request.RawUrl != "/")
            rd.Add("ReturnUrl", filterContext.HttpContext.Request.RawUrl);
    }
    //Set context result
    filterContext.Result = new RedirectToRouteResult(rd);
  }

答案 1 :(得分:0)

HandleUnauthorizedRequest中,使用HttpStatusCode Forbidden,因为Unauthorized会导致显示登录提示。这是整个属性类。

public class FunctionalityAttribute : AuthorizeAttribute
{
    public string FunctionalityName { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        string adGroup = WebConfigurationManager.AppSettings[FunctionalityName];

        if (actionContext.RequestContext.Principal.IsInRole(adGroup)) { return true; }

        return false;
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // Authenticated, but not authorized.
        if (actionContext.RequestContext.Principal.Identity.IsAuthenticated)
        {
            // Use Forbidden because Unauthorized causes a login prompt to display.
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
        }
    }
}

这就是我在角度存储库中处理它的方式:

    $http.get('/PrestoWeb/api/apps/')
        .then(function (result) {
            // do success stuff
        }, function (response) {
            console.log(response);
            if (response.status == 403) {
                $rootScope.setUserMessage("Unauthorized");
                callbackFunction(null);
            }
        });
相关问题
最新问题