Restrict direct access to All views show/Redirect to error page except Login page, if user enters direct URL

I am using MVC 4.

The first page navigates to http://localhost:61700/, where it has a username and password to proceed further...

Now, I can also access a direct URL by typing http://localhost:61700/AccountInfo, and other pages as well, without logging in to the app.

How can I restrict this? If the user is not logged in and types a direct URL, it needs to go to the error page.

HomeController.cs

using System.Web.Mvc;

namespace myWebSite.Controllers
{
  public class HomeController : Controller
  {
    public ActionResult Index()
    {
      return View();
    }

    public ActionResult AccountStatus()
    {
      return View();
    }
    // ... (remaining actions omitted in the original post)
  }
}

You can apply the Authorize attribute to restrict access from unauthorized users. You can also apply roles and add users if you want to.

using System;
using System.Web.Http;

[Authorize]
public class PrivateResourcesController : ApiController
{
    // Only reachable by authenticated callers.
    public IHttpActionResult Get()
    {
        return Ok(DateTime.Now);
    }
}


// When both are set, the caller must be listed in Users AND be in one of the Roles.
[Authorize(Roles = "Admin", Users = "foo@mail.com")]
public class PrivateResourcesController : ApiController
{
    public IHttpActionResult Get()
    {
        return Ok(DateTime.Now);
    }
}
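
An added example (not part of the original answers): the [Authorize] approach above applied to the question's MVC controllers as a deny-by-default global filter that redirects unauthenticated requests to an error page. RedirectToErrorAuthorizeAttribute, ErrorController and CredentialsAreValid are hypothetical names, and the example assumes `<authentication mode="Forms">` is set in Web.config.

```csharp
using System.Web.Mvc;
using System.Web.Routing;
using System.Web.Security;

namespace myWebSite
{
    // Redirects rejected requests to an error page (hypothetical ErrorController).
    public class RedirectToErrorAuthorizeAttribute : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary { { "controller", "Error" }, { "action", "Index" } });
        }
    }
    public static class FilterConfig
    {
        // Call from Application_Start: every action now requires an authenticated user.
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            filters.Add(new RedirectToErrorAuthorizeAttribute());
        }
    }
}

namespace myWebSite.Controllers
{
    public class HomeController : Controller
    {
        [AllowAnonymous]   // the login form at "/" stays reachable
        public ActionResult Index() { return View(); }

        [AllowAnonymous, HttpPost]
        public ActionResult Index(string username, string password)
        {
            if (!CredentialsAreValid(username, password)) return View();
            FormsAuthentication.SetAuthCookie(username, false);   // session cookie only
            return RedirectToAction("AccountStatus");
        }
        public ActionResult AccountStatus() { return View(); }   // covered by the global filter

        // Hypothetical placeholder: replace with a real credential check.
        private static bool CredentialsAreValid(string u, string p) { return false; }
    }
    [AllowAnonymous]   // must be exempt, or the redirect to it loops
    public class ErrorController : Controller
    {
        public ActionResult Index() { return View(); }
    }
}
```

Because the filter is registered globally, a controller added later is protected unless it is explicitly marked [AllowAnonymous].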

Just a simple idea:

  1. Create a controller, say SecureController, inherited from Controller, and have only this method:

    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
      // Session values are stored as object, so compare with Equals rather than ==.
      if (Equals(Session["LoggedIn"], 1))
      {
        base.OnActionExecuting(filterContext);
      }
      else
      {
        filterContext.Result = RedirectToAction("Index", "Login");
      }
    }

  2. Other than the LoginController, inherit all other controllers from SecureController.

  3. Have the Index (or name it whatever you like) method do the login. Set Session["LoggedIn"] to 1 after successful login.

That's all you need. Of course, this is just a simple, thought-provoking idea to put you on the right path. This will allow you to redirect to any page if the user is not logged in. No forms authentication configuration is required. This gives you total control over how to authenticate a user.
