HTTP Error 403.14 - Forbidden thrown after creating a new record

Time: 2016-11-05 17:15:18

Tags: asp.net-mvc asp.net-mvc-4 claims-based-identity authorize-attribute

1- AuthorizeUserAttribute.cs is the class for the custom authorize attribute

public class AuthorizeUserAttribute : AuthorizeAttribute
{
    public string AccessLevel { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
            return false;

        if (this.AccessLevel.Contains("Admin"))
        {
            return true;
        }
        else return false;
    }
}

2- This is my controller

[AuthorizeUser(AccessLevel = "Admin")]
public class ProductsController : Controller
{
    private DataBaseContext db = new DataBaseContext();
    public ActionResult Index()
    {
        var product = db.Product.Include(p => p.ProductGroup);
        return View(product.ToList());
    }

    [AuthorizeUser(AccessLevel = "Admin")]
    public ActionResult Create([Bind(Include = "Product_Id,ProductName,Description,PicUrl,Group_Id")] Product product)
    {
        if (ModelState.IsValid)
        {
            db.Product.Add(product);
            db.SaveChanges();
            return RedirectToAction("Index");
        }

        ViewBag.Group_Id = new SelectList(db.ProductGroups, "Group_Id", "GreoupName", product.Group_Id);
        return View(product);
    }
}

3- FilterConfig.cs in the start_up folder

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new AuthorizeAttribute());
        filters.Add(new AuthorizeUserAttribute());

    }

}

4- Global.asax.cs

void Application_Start(object sender, EventArgs e)
{
    // Code that runs on application startup
    AreaRegistration.RegisterAllAreas();
    GlobalConfiguration.Configure(WebApiConfig.Register);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
}

5- Admin1Controller.cs for login etc...

[HttpPost]
public ActionResult Login(LoginViewModel model)
{
    if (!ModelState.IsValid) // Checks if input fields have the correct format
    {
        return View(model); // Returns the view with the input values so that the user doesn't have to retype again
    }

    if (model.Email == "info@psmgroups.com" && model.Password == "@1234psm")
    {
        var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, "Admin"),
            new Claim(ClaimTypes.Email, "info@psmgroups.com"),
            new Claim(ClaimTypes.Role, "Admin")
        }, "ApplicationCookie");

        var ctx = Request.GetOwinContext();
        var authManager = ctx.Authentication;
        authManager.SignIn(identity);

        return Redirect(GetRedirectUrl(model.ReturnUrl));
    }

    ModelState.AddModelError("", "incorrect UserName or pass");
    return View(model);
}

private string GetRedirectUrl(string returnUrl)
{
    if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
    {
        return Url.Action("index", "Admin1");
    }
    return returnUrl;
}

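After creating a new product and returning to Products/, the HTTP Error 403.14 - Forbidden page is shown. Typing Products/Index shows the correct page.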

1 answer:

Answer 0: (score: 0)

Try making everything public and see if the error changes
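Separate from the 403.14 symptom, the `AuthorizeCore` in the question tests the attribute's own `AccessLevel` string rather than the signed-in user, so any authenticated user passes an action marked `AccessLevel = "Admin"`, and an instance created without `AccessLevel` (as in the global registration) dereferences null. The following is an added example, not code from the question or the answer, of a variant that compares `AccessLevel` against the role claims issued at login; the class name `RoleAuthorizeUserAttribute` and the comma-separated format are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

// Hypothetical replacement for the question's AuthorizeUserAttribute (added example).
// Usage: [RoleAuthorizeUser(AccessLevel = "Admin")]
public class RoleAuthorizeUserAttribute : AuthorizeAttribute
{
    // Comma-separated role names; the user must hold at least one of them.
    public string AccessLevel { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check rejects unauthenticated requests.
        if (!base.AuthorizeCore(httpContext))
            return false;

        // Fail closed when no level was configured, instead of
        // throwing NullReferenceException on AccessLevel.
        if (string.IsNullOrWhiteSpace(AccessLevel))
            return false;

        var identity = httpContext.User.Identity as ClaimsIdentity;
        if (identity == null)
            return false;

        // Compare against the user's ClaimTypes.Role claims (the Login action
        // in the question issues one with the value "Admin").
        return AccessLevel
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(role => role.Trim())
            .Any(role => identity.HasClaim(ClaimTypes.Role, role));
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed in but lacking the role: answer 403 instead of the default 401,
        // which cookie authentication middleware typically turns into a login redirect.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Because this variant denies access when `AccessLevel` is empty, it should be applied per controller or action with a level set rather than registered globally through a parameterless instance.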