How to resolve the Windows Security prompt shown on authorization failure in ASP.NET MVC

Question (votes: 0, answers: 2)

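My problem:

  1. When the user does not have the Manager role and the Admin role, I have to redirect to an error page or show some popup message. But when the user is not authorized, the Windows Security password prompt keeps appearing. When I enter the username and password again, the Windows Security password prompt is shown.

  2. I have to check every action method, and I need to show a message or an error page.

How can I solve this?

Controller code: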

[AuthorizeUser("Manager","Admin")]
public ActionResult Contact()
{
    return View();      
}

C# code:

public AuthorizeUserAttribute(params int[] roles)
{
    allowedroles = roles;
}

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    bool authorize = false;
    var getList = _objService.GetUserRoleDetail(CommonStaticHelper.getLoggedUser());

    foreach (var role in allowedroles)
    {
        if (getList.Exists(m => m.RoleId == role))
        {
            return authorize = true; /* return true if Entity has current user(active) with specific role */
        }
    }

    return authorize;
}

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    filterContext.Result = new HttpUnauthorizedResult();
}
c# asp.net-mvc c#-4.0 authorization user-roles
2 answers

2 votes

Try this:

// Create an action (in ErrorController, to match the route below):
public ActionResult Unauthorized()
{
    return View();
}

// Now write the code below for authorization
// (RouteValueDictionary requires "using System.Web.Routing;"):

protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
{
    if (filterContext.HttpContext.Request.IsAuthenticated)
    {
        // Authenticated but lacking the role: redirect to the Unauthorized page
        filterContext.Result = new RedirectToRouteResult(new
            RouteValueDictionary(new { controller = "Error", action = "Unauthorized" })
        );
    }
    else
    {
        // Not authenticated: keep the default 401 response
        base.HandleUnauthorizedRequest(filterContext);
    }
}

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var authorized = base.AuthorizeCore(httpContext);

    if (!authorized)
    {
        // The user is not authenticated
        return false;
    }
    else
    {
        var getList = _objService.GetUserRoleDetail(CommonStaticHelper.getLoggedUser());

        foreach (var role in allowedroles)
        {
            if (getList.Exists(m => m.RoleId == role))
            {
                // return true if Entity has current
                // user(active) with specific role
                return true;
            }
        }

        return false;
    }
}
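The 401/403 split this answer relies on, written out as one complete filter. This is an added example, not code from the question or either answer: the class name `RoleGateAttribute` is hypothetical, role membership is assumed to come from `IPrincipal.IsInRole` rather than the asker's `_objService`, and the `Error`/`Unauthorized` route is the one used in the answer above.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Added example. Assumption: roles are resolved through IPrincipal.IsInRole
// (Windows groups under Windows authentication); replace that call with
// your own role lookup if roles live in a database.
public sealed class RoleGateAttribute : AuthorizeAttribute   // hypothetical name
{
    private readonly string[] _allowedRoles;

    public RoleGateAttribute(params string[] roles)
    {
        _allowedRoles = roles ?? new string[0];
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        var user = httpContext.User;
        // Anonymous callers fail here and receive the normal 401 challenge.
        if (user == null || !user.Identity.IsAuthenticated) return false;
        // Fail closed: an empty role list authorizes nobody.
        return _allowedRoles.Any(user.IsInRole);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        if (!request.IsAuthenticated)
        {
            // No identity yet: 401 lets the server ask for Windows credentials.
            base.HandleUnauthorizedRequest(filterContext);
        }
        else if (request.IsAjaxRequest())
        {
            // Known user, wrong role: 403 never triggers a credential prompt.
            filterContext.Result = new HttpStatusCodeResult(403);
        }
        else
        {
            // Full page request: send the user to the error page instead.
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(new { controller = "Error", action = "Unauthorized" }));
        }
    }
}
```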

0 votes

Create your own filter, for example:

    public class AuthorityAttribute : AuthorizeAttribute
    {
        private readonly string[] allowedroles;
        public AuthorityAttribute(params string[] roles)
        {
            this.allowedroles = roles;
        }
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            foreach (var role in allowedroles)
            {
                if (PortalWebSessionManager.ActivePortalSettings.ActiveRoles != null)
                {
                    foreach (IDynamics.IDynamicsPortal.DataComponent.Roles currentRole in PortalWebSessionManager.ActivePortalSettings.ActiveRoles)
                    {
                        if (currentRole.RoleName == role)
                        {
                            return true;
                        }
                    }
                }
            }
            return false;
        }
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.Result = new HttpUnauthorizedResult();
        }
    }

And apply that filter
