
Redirect to “You Are Forbidden” page without changing URL ASP.NET MVC

I set up a custom Authorization Attribute in my project to do some checks on a user's permissions. If they aren't allowed to do a certain activity, they get redirected to a "You Are Forbidden" page via RedirectToRouteResult. However, I would like to make this function without changing the URL so the user can refresh the page if they receive permission. Is this possible?

How I'm doing it currently. It sends to the URL Forbidden/.

[AttributeUsage(AttributeTargets.Method)]
public class AuthActivityAttribute : ActionFilterAttribute
{
    public string ActivityName { get; set; }
    public int ActivityId = 0;

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (!ViewIsAuthorizedActivity(ActivityName))
        {
            filterContext.Result = Forbid();
            base.OnActionExecuting(filterContext);
        }
    }

    public RedirectToRouteResult Forbid()
    {
        return new RedirectToRouteResult(
            new RouteValueDictionary
                {
                    { "controller", "Home" },
                    { "action", "Forbidden" },
                    { "Activity", ActivityId },
                    { "area", ""}
                });
    }
    // other stuff
}

Edit / Solution:

I ended up using a combination of rendering PartialView for GET Requests and RedirectToRouteResult for POST Requests. I chose this for two reasons:

  1. The user has the page loaded before losing permission, therefore the Forbidden partial view isn't loaded. Without the RedirectToRouteResult on POSTs, they could POST even though they don't have permission.

  2. Someone could attempt to over post the page and have some success if they hit some Included values.

Attribute:

public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (!ViewIsAuthorizedActivity(ActivityName))
    {
        string requestMethod = filterContext.HttpContext.Request.HttpMethod;

        if (requestMethod == "GET")
        {
            filterContext.Controller.ViewBag.Authorization = "FORBIDDEN";
        }
        else if (requestMethod == "POST")
        {
            filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary
                {
                    { "controller", "Foo" },
                    { "action", "Bar" },
                    { "area", ""}
                });
        }

        base.OnActionExecuting(filterContext);
    }
}

View:

@if (ViewBag.Authorization == "FORBIDDEN")
{
    ViewBag.Title = "Forbidden!";
    @Html.Partial("~/Views/Home/Forbidden.cshtml");
}
else
{
    <!-- Page -->
}

A partial is the way to go. Add a partial to your page that looks like this:

@if ((ViewData["FORBIDDEN"] as bool?) == true)
{
    <div id="forbidden">
    </div>
}
else
{
    @* rest of page here *@
}

In your action, check for permission and set ViewData["FORBIDDEN"] based on it.
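A variant of the filter above that keeps the URL unchanged but short-circuits the action for every HTTP method, as an added example that is not part of the original question or answer. It assumes ASP.NET MVC 5 (System.Web.Mvc) and that ~/Views/Home/Forbidden.cshtml can render as a full view; the class name and the body of ViewIsAuthorizedActivity are stand-ins, since the page does not show the poster's implementation.

```csharp
using System;
using System.Web.Mvc;

// Added example (hypothetical class name), not the poster's code.
[AttributeUsage(AttributeTargets.Method)]
public class AuthActivityViewAttribute : ActionFilterAttribute
{
    public string ActivityName { get; set; }

    // Stand-in for the poster's permission check, which the page does not show.
    // It denies by default so a missing override can never grant access.
    protected virtual bool ViewIsAuthorizedActivity(string activityName)
    {
        return false;
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (ViewIsAuthorizedActivity(ActivityName))
        {
            base.OnActionExecuting(filterContext);
            return;
        }

        // Denied: report 403 and stop IIS from swapping in its own error page.
        var response = filterContext.HttpContext.Response;
        response.StatusCode = 403;
        response.TrySkipIisCustomErrors = true;

        // Setting Result here means the action method is never invoked,
        // whether the request is GET, POST, PUT, DELETE or anything else.
        // No redirect is issued, so the browser stays on the requested URL.
        filterContext.Result = new ViewResult
        {
            ViewName = "~/Views/Home/Forbidden.cshtml",
            ViewData = filterContext.Controller.ViewData,
            TempData = filterContext.Controller.TempData
        };
    }
}
```

Because the check runs on every request to the same URL, a refresh shows the real page as soon as the permission is granted, and the view no longer needs a ViewBag or ViewData flag to hide its content.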
