Login Dialog Appears When User is Not Authorized

In an attempt to implement security in my web app, I created an attribute that derives from AuthorizeAttribute.

using System.Web.Configuration;
using System.Web.Http;
using System.Web.Http.Controllers;

public class FunctionalityAttribute : AuthorizeAttribute
{
    public string FunctionalityName { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // The AD group allowed to use this functionality is looked up in appSettings by name.
        string adGroup = WebConfigurationManager.AppSettings[FunctionalityName];

        if (actionContext.RequestContext.Principal.IsInRole(adGroup)) { return true; }

        return false; // This causes a login dialog to appear. I don't want that.
    }
}

And here is how it's used in my Web API method:

[Functionality(FunctionalityName = "GetApps")]
public IEnumerable<ApplicationDtoSlim> Get()
{
    using (var prestoWcf = new PrestoWcf<IApplicationService>())
    {
        return prestoWcf.Service.GetAllApplicationsSlim().OrderBy(x => x.Name);
    }
}

It actually works. But the issue is what happens when I'm not authorized:

[screenshot: browser login dialog]

I don't want that dialog to come up. I'm already signed in. I want to let the user know that they're not authorized. How do I make it so that the login dialog doesn't come up?

You need to also override HandleUnauthorizedRequest:

using System.Web.Mvc;
using System.Web.Routing;

// Override of the System.Web.Mvc.AuthorizeAttribute hook (MVC AuthorizationContext).
public class FunctionalityAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        RouteValueDictionary rd = null;
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Redirect to Not Authorized
            rd = new RouteValueDictionary(new { action = "NotAuthorized", controller = "Error", area = "" });
        }
        else
        {
            // Redirect to Login
            rd = new RouteValueDictionary(new { action = "Login", controller = "Account", area = "" });
            // See if we need to include a ReturnUrl
            if (!string.IsNullOrEmpty(filterContext.HttpContext.Request.RawUrl) && filterContext.HttpContext.Request.RawUrl != "/")
                rd.Add("ReturnUrl", filterContext.HttpContext.Request.RawUrl);
        }
        // Set context result
        filterContext.Result = new RedirectToRouteResult(rd);
    }
}

In HandleUnauthorizedRequest, use HttpStatusCode.Forbidden because Unauthorized causes a login prompt to display. Here is the entire attribute class.

using System.Net;
using System.Net.Http;
using System.Web.Configuration;
using System.Web.Http;
using System.Web.Http.Controllers;

public class FunctionalityAttribute : AuthorizeAttribute
{
    public string FunctionalityName { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // The AD group allowed to use this functionality is looked up in appSettings by name.
        string adGroup = WebConfigurationManager.AppSettings[FunctionalityName];

        if (actionContext.RequestContext.Principal.IsInRole(adGroup)) { return true; }

        return false;
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // Authenticated, but not authorized.
        if (actionContext.RequestContext.Principal.Identity.IsAuthenticated)
        {
            // Use Forbidden because Unauthorized causes a login prompt to display.
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
        }
        else
        {
            // Not authenticated at all: keep the base 401. If Response is left unset here,
            // the Web API pipeline continues and the action method runs anyway.
            base.HandleUnauthorizedRequest(actionContext);
        }
    }
}

And this is how I'm handling it in my Angular repository:

    $http.get('/PrestoWeb/api/apps/')
        .then(function (result) {
            // do success stuff
        }, function (response) {
            console.log(response);
            if (response.status == 403) {
                $rootScope.setUserMessage("Unauthorized");
                callbackFunction(null);
            }
        });
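A fail-closed variant of the Web API attribute discussed above, added here as an example and not the poster's code: a missing appSettings mapping denies access instead of granting it, anonymous callers keep the base class's 401 so authentication can still be challenged, and signed-in callers outside the group get a 403 with a small JSON body the Angular client can show. The comma-separated list of several AD groups in one setting is an assumption, not something the page configures.

```csharp
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Configuration;
using System.Web.Http;
using System.Web.Http.Controllers;

// Added example, not the original poster's code: fail-closed FunctionalityAttribute.
public class FunctionalityAttribute : AuthorizeAttribute
{
    public string FunctionalityName { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var principal = actionContext.RequestContext.Principal;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // Assumption: the appSettings value may list several AD groups separated by commas.
        string setting = WebConfigurationManager.AppSettings[FunctionalityName];
        if (string.IsNullOrWhiteSpace(setting))
            return false; // No mapping configured: deny rather than fall open.

        return setting.Split(',')
                      .Select(g => g.Trim())
                      .Where(g => g.Length > 0)
                      .Any(principal.IsInRole);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var identity = actionContext.RequestContext.Principal?.Identity;
        if (identity == null || !identity.IsAuthenticated)
        {
            // Anonymous caller: keep the default 401 so the server can still challenge for credentials.
            base.HandleUnauthorizedRequest(actionContext);
            return;
        }

        // Signed in but not in an allowed group: 403 is not an authentication challenge,
        // so the browser shows no login dialog and the client can display a message instead.
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.Forbidden,
            new { error = "forbidden", functionality = FunctionalityName });
    }
}
```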
