[英]ASP.NET CORE 3.1 How to redirect from HandleRequirementAsync
我正在使用 ASP.NET Core 3.1 和context.Resource作为AuthorizationFilterContext不能用于访问routeValues或queryString 。 我必须使用IHttpContextAccessor来获取routeValues["id"]但IHttpContextAccessor没有Result属性来设置RedirectToPage("/View", new {id = "...."})
public class NoEditOrDeleteSuperUserHandler : AuthorizationHandler<ManageSuperAdminRequirement>
{
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly UserManager<ApplicationUser> _userManager;
public NoEditOrDeleteSuperUserHandler(IHttpContextAccessor httpContextAccessor, UserManager<ApplicationUser> userManager)
{
this._httpContextAccessor = httpContextAccessor;
this._userManager = userManager;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ManageSuperAdminRequirement requirement)
{
var userId = _httpContextAccessor.HttpContext.Request.RouteValues["id"].ToString();
var selectedUser = _userManager.FindByIdAsync(userId).GetAwaiter().GetResult();
if (_userManager.IsInRoleAsync(selectedUser,"SuperAdmin").GetAwaiter().GetResult() == false)
{
context.Succeed(requirement);
return Task.CompletedTask;
}
context.Fail();
var Response = _httpContextAccessor.HttpContext.Response;
var message= Encoding.UTF8.GetBytes("User with Super Admin role cannot be edited");
**// return RedirectToPage("/View", new {id = id});**
Response.OnStarting(async () =>
{
_httpContextAccessor.HttpContext.Response.StatusCode = 429;
await Response.Body.WriteAsync(message, 0, message.Length);
});
return Task.CompletedTask;
}
}
我正在使用自定义策略授权,当授权失败时,我想将用户重定向到returnUrl而不是访问被拒绝页面
我找到了解决上述问题的方法,即在自定义授权检查失败后如何将用户重定向到引用页面。
请如果有任何更好的方法来做到这一点,请指导我。
1 - 我从HandleRequirementAsync中删除了以下代码,并让它重定向到 AccessDenied Page。
var Response = _httpContextAccessor.HttpContext.Response;
var message= Encoding.UTF8.GetBytes("User with Super Admin role cannot be edited");
**// return RedirectToPage("/View", new {id = id});**
Response.OnStarting(async () =>
{
_httpContextAccessor.HttpContext.Response.StatusCode = 429;
await Response.Body.WriteAsync(message, 0, message.Length);
});
2 - 在 AccessDeniedModel class 我添加了以下代码:
[TempData]
public string Message { get; set; }
public void OnGet()
{
Message = "Access Denied: You do not have access to this resource.";
HttpContext.Response.Redirect(HttpContext.Request.Headers["Referer"]);
}
4 - 在 /User/Roles/View.cshtml.cs 我定义了一个 model 公共属性
[TempData]
public string Message { get; set; }
3 - 在 /User/Roles/View.cshtml 我添加了<p>@Model.Message</p>以向用户显示消息。
如何从 ASP.NET Core 3.1 中的 EntityFrameworkCore 3 中删除依赖项
[英]How to remove dependency from EntityFrameworkCore 3 in ASP.NET core 3.1
如何从 OnActionExecution 重定向到 controller(Asp.net 核心 5)中的操作
[英]How to redirect from OnActionExecution to an Action in a controller (Asp.net core 5)
如何将 IdentityServer Bearer Token Authentication 从 asp.net 迁移到 .net core 3.1
[英]How to migrate IdentityServer Bearer Token Authentication from asp.net to .net core 3.1
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.