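/// <summary>
/// Authorization filter that requires an authenticated user holding at least one of the
/// configured roles. Anonymous requests are redirected to the login action; authenticated
/// users without a matching role are redirected to the access-denied action.
/// </summary>
public class CustomAuthorizeAttribute : Attribute, IAsyncAuthorizationFilter
{
    // Roles, any one of which grants access. Empty means "any authenticated user".
    private readonly string[] _roles;

    /// <summary>Creates the filter.</summary>
    /// <param name="roles">Roles, any one of which grants access. Null is treated as no roles.</param>
    public CustomAuthorizeAttribute(params string[] roles)
    {
        // Defensive copy so the caller's array cannot change the policy after construction.
        _roles = roles is null ? Array.Empty<string>() : (string[])roles.Clone();
    }

    /// <summary>
    /// Sets <see cref="AuthorizationFilterContext.Result"/> to a redirect when the request
    /// is not authorized; leaves it untouched otherwise so the action runs.
    /// </summary>
    /// <param name="context">The filter context for the current request.</param>
    /// <returns>A completed task; the filter does no asynchronous work.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
    public Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        if (context is null)
        {
            throw new ArgumentNullException(nameof(context));
        }

        var user = context.HttpContext.User;

        // Identity can be null when no authentication scheme produced a principal;
        // treat that exactly like an unauthenticated user.
        if (user.Identity?.IsAuthenticated != true)
        {
            RedirectToLoginPage(context);
            return Task.CompletedTask;
        }

        // With no roles configured, authentication alone is sufficient (mirrors a bare
        // [Authorize]); the original unconditionally denied everyone in that case.
        if (_roles.Length > 0 && !_roles.Any(user.IsInRole))
        {
            RedirectToAccessDeniedPage(context);
        }

        return Task.CompletedTask;
    }

    // Sends the user to Account/Login, carrying the requested path so the login
    // action can bring them back. Path + QueryString is server-derived and always
    // site-relative, so it is safe to round-trip as a return URL.
    private static void RedirectToLoginPage(AuthorizationFilterContext context)
    {
        var returnUrl = context.HttpContext.Request.Path + context.HttpContext.Request.QueryString;
        context.Result = new RedirectToActionResult("Login", "Account", new { ReturnUrl = returnUrl });
    }

    // Sends the user to Account/AccessDenied with a "previous page" link target.
    // The Referer header is empty whenever the URL was typed or guessed into the address
    // bar, and browsers may also strip it under a strict Referrer-Policy, so an empty
    // value is the normal case, not an error. It is also client-controlled, so only a
    // same-site relative path is accepted; otherwise the site root is used.
    private static void RedirectToAccessDeniedPage(AuthorizationFilterContext context)
    {
        var referer = context.HttpContext.Request.Headers["Referer"].ToString();
        var requestHost = context.HttpContext.Request.Host.Host;

        var returnUrl = TryGetLocalReturnUrl(referer, requestHost, out var local) ? local : "/";
        context.Result = new RedirectToActionResult("AccessDenied", "Account", new { returnUrl });
    }

    /// <summary>
    /// Reduces a Referer value to a same-site relative path suitable for a redirect.
    /// </summary>
    /// <param name="referer">Raw Referer header value; may be empty.</param>
    /// <param name="requestHost">Host name of the current request (no port).</param>
    /// <param name="returnUrl">On success, a path starting with a single '/'; otherwise empty.</param>
    /// <returns>True when <paramref name="returnUrl"/> holds a usable local path.</returns>
    internal static bool TryGetLocalReturnUrl(string referer, string requestHost, out string returnUrl)
    {
        returnUrl = string.Empty;
        if (string.IsNullOrWhiteSpace(referer))
        {
            return false;
        }

        var candidate = referer;
        if (Uri.TryCreate(referer, UriKind.Absolute, out var absolute))
        {
            // A referrer from another host is not a "previous page" inside this app.
            if (!string.Equals(absolute.Host, requestHost, StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }

            // Keep only the site-relative part; never redirect to an absolute URL.
            candidate = absolute.PathAndQuery;
        }

        // "//host" and "/\host" are protocol-relative forms a browser would follow
        // off-site, so require exactly one leading slash.
        var isLocal = candidate.StartsWith("/", StringComparison.Ordinal)
            && !candidate.StartsWith("//", StringComparison.Ordinal)
            && !candidate.StartsWith("/\\", StringComparison.Ordinal);
        if (!isLocal)
        {
            return false;
        }

        returnUrl = candidate;
        return true;
    }
}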
我制作了一个自定义授权属性来处理未经授权的访问，但遇到了如下问题：当用户已登录并尝试猜测 URL 访问其无权访问的页面时，我想显示一个视图，并在该视图中提供一个“返回上一页”链接。问题在于，RedirectToAccessDeniedPage 方法中的 returnUrl 始终是空字符串。