stackoom
  简体   繁体   中英

How to display custom error if authorization fails in ASP.NET MVC

 原文  2016-09-30 17:33:47       c#/ asp.net-mvc/ authentication

Question

Trying to figure out how to avoid requesting username and password when a controller action is called that has an Authorize header and simply redirect to a View.

In my web.config I have 

<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" cacheRolesInCookie="false">
  <providers>
    <clear />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
  </providers>
</roleManager>
<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>

Then, in my controller, I am prefixing an action as follows 

    [Authorize(Roles = "DOMAIN\\Group")]
    public ActionResult Index()
    {
        ...controller action code here
    }

If I set it to a DOMAIN\\Group that I belong to, then the application works just as expected. If I change it to a bogus group for testing, I am presented with a username and password dialog. Obviously, authentication will never happen. If I click cancel in the dialog, I get redirected to the 401 error page.

What I would LIKE to do is, since by definition in the web.config file only windows users can connect, if that windows user is not in the chosen group, simply redirect to a particular View rather than prompting for a username and password.

1 answers

solution1
 5 ACCPTED  2016-09-30 17:50:48

You can create a custom attribute and override HandleUnauthorizedRequest . Then you redirect to a custom page, if authorization fails, 

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
        else
        {
            filterContext.Result = new RedirectToRouteResult(new
            RouteValueDictionary(new { controller = "Common", action = "AccessDenied" }));
        }
    }
}

[CustomAuthorize(Roles = "DOMAIN\\Group")]
public ActionResult Index()
{
   ...
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to implement custom authorization asp.net core mvc Custom Authorization filter in ASP.NET MVC 5? Custom Authorization (Permissions) ASP.NET MVC custom authorization in asp.net core mvc Custom authorization in ASP.NET MVC 3 ASP.NET MVC: Custom Authorization and MvcSiteMapProvider Asp.Net MVC 6 Cookie Authentication - Authorization fails Redirect to error page if hangfire authorization fails in asp.net mvc5 application Authorization in ASP.NET MVC 4 ASP.NET MVC Authorization
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM