How to display custom error if authorization fails in ASP.NET MVC

Trying to figure out how to avoid requesting username and password when a controller action is called that has an Authorize header and simply redirect to a View.

In my web.config I have

    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" cacheRolesInCookie="false">
      <providers>
        <clear />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>

Then, in my controller, I am prefixing an action as follows

    [Authorize(Roles = "DOMAIN\\Group")]
    public ActionResult Index()
    {
        // ...controller action code here
    }

If I set it to a DOMAIN\\Group that I belong to, then the application works just as expected. If I change it to a bogus group for testing, I am presented with a username and password dialog. Obviously, authentication will never happen. If I click cancel in the dialog, I get redirected to the 401 error page.

What I would LIKE to do is, since by definition in the web.config file only Windows users can connect, if that Windows user is not in the chosen group, simply redirect to a particular View rather than prompting for a username and password.

You can create a custom attribute and override HandleUnauthorizedRequest. Then you redirect to a custom page if authorization fails:

    using System.Web.Mvc;
    using System.Web.Routing;

    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                // Not authenticated: keep the default behaviour (401 challenge).
                base.HandleUnauthorizedRequest(filterContext);
            }
            else
            {
                // Authenticated but not in the required role: redirect instead of challenging.
                filterContext.Result = new RedirectToRouteResult(
                    new RouteValueDictionary(new { controller = "Common", action = "AccessDenied" }));
            }
        }
    }

    [CustomAuthorize(Roles = "DOMAIN\\Group")]
    public ActionResult Index()
    {
        // ...
    }
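
The answer above redirects to a Common/AccessDenied route but does not show that action. The following is an added example, not part of the original answer: a possible target controller, assuming a view exists at Views/Common/AccessDenied.cshtml (the controller body and the view path are assumptions).

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical target of the redirect issued by CustomAuthorizeAttribute.
// Only the names "Common" and "AccessDenied" come from the answer.
public class CommonController : Controller
{
    // This action must not carry [CustomAuthorize(Roles = ...)] itself:
    // a user who fails the role check would be redirected here again,
    // producing a redirect loop.
    public ActionResult AccessDenied()
    {
        // 403 means "authenticated, but not allowed". Unlike 401 it carries
        // no WWW-Authenticate challenge, so the browser does not open the
        // username/password dialog described in the question.
        Response.StatusCode = (int)HttpStatusCode.Forbidden;

        // Keep IIS from replacing the rendered view with its own 403 page.
        Response.TrySkipIisCustomErrors = true;

        // Renders Views/Common/AccessDenied.cshtml (assumed to exist).
        return View();
    }
}
```

Returning 403 rather than the default 200 keeps the denial visible in IIS logs and to monitoring that keys on status codes.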
