在asp.net MVC中授权属性和jquery AJAX
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5258721/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Authorize attribute and jquery AJAX in asp.net MVC
提问by Ghooti Farangi
I have used jquery ajax function to submit a form. The users have to be logged in else they must redirect to a login page.I have used Authorize() attribute for it.
我已经使用 jquery ajax 函数来提交表单。用户必须登录,否则他们必须重定向到登录页面。我为此使用了 Authorize() 属性。
[Authorize]
public ActionResult Creat()
{
....
}
If the user is not login the action return login page to jquery's ajax functions and it is displayed on the same page but I want to redirect the user to login page. Is there any solution?
如果用户未登录,则操作将登录页面返回到 jquery 的 ajax 函数,并且它显示在同一页面上,但我想将用户重定向到登录页面。有什么解决办法吗?
回答by Ronnie Overby
Working example: https://github.com/ronnieoverby/mvc-ajax-auth
工作示例:https: //github.com/ronnieoverby/mvc-ajax-auth
Important parts:
重要部分:
AjaxAuthorizeAttribute:
AjaxAuthorize 属性:
using System.Web.Mvc;
namespace MvcApplication1
{
public class AjaxAuthorizeAttribute : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(AuthorizationContext context)
{
if (context.HttpContext.Request.IsAjaxRequest())
{
var urlHelper = new UrlHelper(context.RequestContext);
context.HttpContext.Response.StatusCode = 403;
context.Result = new JsonResult
{
Data = new
{
Error = "NotAuthorized",
LogOnUrl = urlHelper.Action("LogOn", "Account")
},
JsonRequestBehavior = JsonRequestBehavior.AllowGet
};
}
else
{
base.HandleUnauthorizedRequest(context);
}
}
}
}
Javascript:
Javascript:
$(function () {
$(document).ajaxError(function (e, xhr) {
if (xhr.status == 403) {
var response = $.parseJSON(xhr.responseText);
window.location = response.LogOnUrl;
}
});
});
Use the attribute in a controller:
在控制器中使用该属性:
[AjaxAuthorize]
public ActionResult Secret()
{
return PartialView();
}
Do some ajax:
做一些ajax:
@Ajax.ActionLink("Get Secret", "Secret", new AjaxOptions { UpdateTargetId = "secretArea", })
<div id="secretArea"></div>
回答by Mudasar Rauf
Just a handy addition to #Ronnie's answer
只是对#Ronnie 的回答的一个方便补充
if you want to keep the page url on redirect.
如果您想在重定向时保留页面 url。
var pathname = window.location.pathname;
if (xhr.status == 403) {
var response = $.parseJSON(xhr.responseText);
window.location = response.LogOnUrl + '?ReturnUrl=' + pathname;
}
回答by Tom Widdowson
As another extension to Ronnie Overby's answer.
作为 Ronnie Overby 答案的另一个延伸。
His solution doesn't work with webapi, but this is fine because you can use normal Authorize attribute instead and then handle the 401 status in the ajaxError function as follows.
他的解决方案不适用于 webapi,但这很好,因为您可以改用普通的 Authorize 属性,然后按如下方式处理 ajaxError 函数中的 401 状态。
$(document).ajaxError(function (e, xhr) {
//ajax error event handler that looks for either a 401 (regular authorized) or 403 (AjaxAuthorized custom actionfilter).
if (xhr.status == 403 ||xhr.status == 401) {
//code here
}
});
