I have edited my question and here is the code which I used for implementing the authentication.
Class which inherits AuthorizeAttribute.
public class FBxAuth : AuthorizeAttribute
{
public FBxAuth()
: base()
{
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
bool isAuthenticated = false;
if (httpContext.User.Identity.IsAuthenticated)
{
// here I will check users exists in database.
// if yes , isAuthenticated=true;
}
return isAuthenticated;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.HttpContext.Response.Redirect("/home/Register/?returningURL=" +
filterContext.HttpContext.Server.UrlEncode(filterContext.HttpContext.Request.Url.ToString()));
}
}
My controller
[FBxAuth]
public ActionResult Index()
{
teamDA = new TeamDataAccess();
var teams = teamDA.TeamsList();
return View(teams);
}
2.How can I check the authenticated user is authorized to execute a action in controller. For eg: delete . www.abc.com/teams/5/
delete will perform delete I can hide the delete link from UI. But if a user tries to delete by giving url mentioned above, how can i prevent him from executing the action ?
您必须执行与Index动作相同的操作,只需将[FBxAuth]
或公共[Authorize]
属性添加到您希望只允许已验证用户访问的动作即可。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.