在我的ASP.NET MVC应用程序,我的大多数控制器都装饰有
[Authorize(Roles="SomeGroup")]
当用户未被授权访问某些内容时,他们将被发送到"~/Login",这是My Account控制器上的Login操作.
如何确定用户由于未经授权而进入登录页面,以便显示适当的错误?
在我的ASP.NET MVC应用程序,我的大多数控制器都装饰有
[Authorize(Roles="SomeGroup")]
当用户未被授权访问某些内容时,他们将被发送到"~/Login",这是My Account控制器上的Login操作.
如何确定用户由于未经授权而进入登录页面,以便显示适当的错误?
您可以查找?ReturnUrl=
querystring值,也可以创建自己的授权过滤器&;在TempData
中设置一个字段,指明原因.
下面是一个简单的自定义过滤,它可以做到这一点:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
// NOTE: This is not thread safe, it is much better to store this
// value in HttpContext.Items. See Ben Cull's answer below for an example.
private bool _isAuthorized;
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
_isAuthorized = base.AuthorizeCore(httpContext);
return _isAuthorized;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if(!_isAuthorized)
{
filterContext.Controller.TempData.Add("RedirectReason", "Unauthorized");
}
}
}
在你看来,你可以这样做:
@if(TempData["RedirectReason"] == "Unauthorized")
{
<b>You don't have permission to access that area</b>
}
(Though I'd recommend a better approach than these magic strings, but you get the point)个