[英]ASP.NET IIS user role authentication
我目前在ASP.NET MVC4網站上工作。 而且在該網站中,我不允許具有特定角色的用戶被允許運行代碼。 我使用以下代碼:
[Authorize(Roles = GROUP)]
public void Auth()
{
/* if user is in the domain and signed in
* and a member of the above group
* they will come here */
username = User.Identity.Name;
//Do somthing
}
這很有效,但是當用戶不屬於域和/或組時,它將提示輸入用戶名和密碼。 是否可以跳過提示並僅重定向該用戶?
該網站是在IIS 8中設置的,身份驗證設置為Windows身份驗證
好吧,我將創建一個自定義授權屬性並實現HandleUnauthorizedRequest方法來解決此問題。
public class CustomAutorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
// do authorization logic
// ...
return (/* isAuthorized */);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
UrlHelper urlHelper = new UrlHelper(filterContext.RequestContext);
filterContext.Result = new RedirectResult(urlHelper.Action("Index", "Error"));
}
}
有關更多信息,請閱讀如何:創建自定義授權屬性。
采用
[Authorize(Roles = GROUP)]
[HandleError(ExceptionType = typeof(UnauthorizedAccessException), View = "ApplicationError")]
public void Auth()
{
/* if user is in the domain and signed in
* and a member of the above group
* they will come here */
username = User.Identity.Name;
//Do somthing
}
您可以在其中分隔未經授權訪問用戶的視圖
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.