asp.net-mvc 是否可以在自定义 AuthorizeAttribute 类中使用 RedirectToAction()?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2472578/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Is it possible to use RedirectToAction() inside a custom AuthorizeAttribute class?
提问by Lance McNearney
Using ASP.Net MVC 2, is there any way to use the RedirectToAction()method of the Controllerclass inside a class that is based on the AuthorizeAttributeclass?
使用 ASP.Net MVC 2,有没有办法在基于类的类中使用Controller类的RedirectToAction()方法?AuthorizeAttribute
public class CustomAttribute : AuthorizeAttribute {
protected override bool AuthorizeCore(HttpContextBase context) {
// Custom authentication goes here
return false;
}
public override void OnAuthorization(AuthorizationContext context) {
base.OnAuthorization(context);
// This would be my ideal result
context.Result = RedirectToAction("Action", "Controller");
}
}
I'm looking for a way to re-direct the user to a specific controller / action when they fail the authentication instead of returning them to the login page. Is it possible to have the re-direct URL generated for that controller / action and then use RedirectResult()? I'm trying to avoid the temptation to just hard-code the URL.
我正在寻找一种方法,可以在用户身份验证失败时将用户重定向到特定的控制器/操作,而不是将他们返回到登录页面。是否可以为该控制器/操作生成重定向URL,然后使用RedirectResult()?我试图避免对 URL 进行硬编码的诱惑。
回答by Craig Stuntz
You can/should override HandleUnauthorizedRequestinstead of OnAuthorization. Here's the default implementation:
您可以/应该覆盖HandleUnauthorizedRequest而不是OnAuthorization. 这是默认实现:
protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
// Returns HTTP 401 - see comment in HttpUnauthorizedResult.cs.
filterContext.Result = new HttpUnauthorizedResult();
}
You can't use Controller.RedirectToAction, but you canreturn a new RedirectToRouteResult.
您不能使用Controller.RedirectToAction,但可以返回一个新的RedirectToRouteResult.
So you can do:
所以你可以这样做:
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
// Returns HTTP 401 - see comment in HttpUnauthorizedResult.cs.
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "action", "ActionName" },
{ "controller", "ControllerName" }
});
}
回答by Mattias Jakobsson
You can do something like this:
你可以这样做:
var routeValues = new RouteValueDictionary();
routeValues["controller"] = "ControllerName";
routeValues["action"] = "ActionName";
//Other route values if needed.
context.Result = new RedirectToRouteResult(routeValues);
This is the way the framework does it when you call "RedirectToAction()" in your controller.
当您在控制器中调用“RedirectToAction()”时,框架就是这样做的。
回答by Petter Lundanes
In case anyone else is interested in this question. This can be solved in a simpler way (at least using MVC 3, don't know about MVC 2):
如果其他人对这个问题感兴趣。这可以通过更简单的方式解决(至少使用 MVC 3,不知道 MVC 2):
Just create a small private controller in your custom AuthorizeAttribute:
只需在您的自定义 AuthorizeAttribute 中创建一个小型私有控制器:
private class RedirectController : Controller
{
public ActionResult RedirectWhereever()
{
return RedirectToAction("Action", "Controller");
}
}
This can easily be used in your HandleUnauthorizedRequest method (see Craigs answer):
这可以很容易地用于您的 HandleUnauthorizedRequest 方法(请参阅 Craigs 回答):
filterContext.Result = (new RedirectController()).RedirectWhereever();
