[英]ASP.NET CORE 3.1 How to redirect from HandleRequirementAsync
我正在使用 ASP.NET Core 3.1 和context.Resource作為AuthorizationFilterContext不能用於訪問routeValues或queryString 。 我必須使用IHttpContextAccessor來獲取routeValues["id"]但IHttpContextAccessor沒有Result屬性來設置RedirectToPage("/View", new {id = "...."})
public class NoEditOrDeleteSuperUserHandler : AuthorizationHandler<ManageSuperAdminRequirement>
{
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly UserManager<ApplicationUser> _userManager;
public NoEditOrDeleteSuperUserHandler(IHttpContextAccessor httpContextAccessor, UserManager<ApplicationUser> userManager)
{
this._httpContextAccessor = httpContextAccessor;
this._userManager = userManager;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ManageSuperAdminRequirement requirement)
{
var userId = _httpContextAccessor.HttpContext.Request.RouteValues["id"].ToString();
var selectedUser = _userManager.FindByIdAsync(userId).GetAwaiter().GetResult();
if (_userManager.IsInRoleAsync(selectedUser,"SuperAdmin").GetAwaiter().GetResult() == false)
{
context.Succeed(requirement);
return Task.CompletedTask;
}
context.Fail();
var Response = _httpContextAccessor.HttpContext.Response;
var message= Encoding.UTF8.GetBytes("User with Super Admin role cannot be edited");
**// return RedirectToPage("/View", new {id = id});**
Response.OnStarting(async () =>
{
_httpContextAccessor.HttpContext.Response.StatusCode = 429;
await Response.Body.WriteAsync(message, 0, message.Length);
});
return Task.CompletedTask;
}
}
我正在使用自定義策略授權,當授權失敗時,我想將用戶重定向到returnUrl而不是訪問被拒絕頁面
我找到了解決上述問題的方法,即在自定義授權檢查失敗后如何將用戶重定向到引用頁面。
請如果有任何更好的方法來做到這一點,請指導我。
1 - 我從HandleRequirementAsync中刪除了以下代碼,並讓它重定向到 AccessDenied Page。
var Response = _httpContextAccessor.HttpContext.Response;
var message= Encoding.UTF8.GetBytes("User with Super Admin role cannot be edited");
**// return RedirectToPage("/View", new {id = id});**
Response.OnStarting(async () =>
{
_httpContextAccessor.HttpContext.Response.StatusCode = 429;
await Response.Body.WriteAsync(message, 0, message.Length);
});
2 - 在 AccessDeniedModel class 我添加了以下代碼:
[TempData]
public string Message { get; set; }
public void OnGet()
{
Message = "Access Denied: You do not have access to this resource.";
HttpContext.Response.Redirect(HttpContext.Request.Headers["Referer"]);
}
4 - 在 /User/Roles/View.cshtml.cs 我定義了一個 model 公共屬性
[TempData]
public string Message { get; set; }
3 - 在 /User/Roles/View.cshtml 我添加了<p>@Model.Message</p>以向用戶顯示消息。
如何從 ASP.NET Core 3.1 中的 EntityFrameworkCore 3 中刪除依賴項
[英]How to remove dependency from EntityFrameworkCore 3 in ASP.NET core 3.1
如何從 OnActionExecution 重定向到 controller(Asp.net 核心 5)中的操作
[英]How to redirect from OnActionExecution to an Action in a controller (Asp.net core 5)
如何將 IdentityServer Bearer Token Authentication 從 asp.net 遷移到 .net core 3.1
[英]How to migrate IdentityServer Bearer Token Authentication from asp.net to .net core 3.1
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.