未授權用戶時出現登錄對話框

Question

為了在Web應用程序中實現安全性，我創建了一個從AuthorizeAttribute派生的屬性。

public class FunctionalityAttribute : AuthorizeAttribute
{
    public string FunctionalityName { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        string adGroup = WebConfigurationManager.AppSettings[FunctionalityName];

        if (actionContext.RequestContext.Principal.IsInRole(adGroup)) { return true; }

        return false; // This causes a login dialog to appear. I don't want that.
    }
}

這是在我的Web API方法中的用法：

[Functionality(FunctionalityName = "GetApps")]
public IEnumerable<ApplicationDtoSlim> Get()
{
    using (var prestoWcf = new PrestoWcf<IApplicationService>())
    {
        return prestoWcf.Service.GetAllApplicationsSlim().OrderBy(x => x.Name);
    }
}

它確實有效。 但是問題是當我未被授權時會發生什么：

我不希望出現該對話框。 我已經登錄。我想讓用戶知道他們未被授權。 我該如何做才能避免出現登錄對話框？

Answer 1

您還需要覆蓋HandleUnauthorizedRequest

  protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
  {
    System.Web.Routing.RouteValueDictionary rd = null;
    if (filterContext.HttpContext.User.Identity.IsAuthenticated)
    {
        //Redirect to Not Authorized
        rd = new System.Web.Routing.RouteValueDictionary(new { action = "NotAuthorized", controller = "Error", area = "" });
    }
    else
    {
        //Redirect to Login
        rd = new System.Web.Routing.RouteValueDictionary(new { action = "Login", controller = "Account", area = "" });
        //See if we need to include a ReturnUrl
        if (!string.IsNullOrEmpty(filterContext.HttpContext.Request.RawUrl) && filterContext.HttpContext.Request.RawUrl != "/")
            rd.Add("ReturnUrl", filterContext.HttpContext.Request.RawUrl);
    }
    //Set context result
    filterContext.Result = new RedirectToRouteResult(rd);
  }

Answer 2

在HandleUnauthorizedRequest ，使用HttpStatusCode Forbidden ，因為Unauthorized使登錄提示顯示。 這是整個屬性類。

public class FunctionalityAttribute : AuthorizeAttribute
{
    public string FunctionalityName { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        string adGroup = WebConfigurationManager.AppSettings[FunctionalityName];

        if (actionContext.RequestContext.Principal.IsInRole(adGroup)) { return true; }

        return false;
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // Authenticated, but not authorized.
        if (actionContext.RequestContext.Principal.Identity.IsAuthenticated)
        {
            // Use Forbidden because Unauthorized causes a login prompt to display.
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
        }
    }
}

這就是我在角度存儲庫中處理它的方式：

    $http.get('/PrestoWeb/api/apps/')
        .then(function (result) {
            // do success stuff
        }, function (response) {
            console.log(response);
            if (response.status == 403) {
                $rootScope.setUserMessage("Unauthorized");
                callbackFunction(null);
            }
        });

未授權用戶時出現登錄對話框

問題描述

2 個解決方案

解決方案1
0 2016-01-14 19:33:45

解決方案2
0 已采納 2016-01-14 23:02:28

未授權用戶時出現登錄對話框

問題描述

2 個解決方案

解決方案1 0 2016-01-14 19:33:45

解決方案2 0 已采納 2016-01-14 23:02:28

解決方案1
0 2016-01-14 19:33:45

解決方案2
0 已采納 2016-01-14 23:02:28