Menu
I have implimented the AnitforgeryToken with my asp.net MVC forms, and also added the attribute to my login procedure, however when the check failes i wish to redirect to my fraud action rather than an exception page. is this possible within the attribute ????
thanks
945
In case you do not want to put [HandleError] attribute on all actions that have [ValidateAntiForgeryToken], you may add a custom filter to your Global filters:
in Global.asax under Application_Start():
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
and then:
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new AntiForgeryTokenFilter());
}
}
AntiForgeryTokenFilter.cs:
public class AntiForgeryTokenFilter : FilterAttribute, IExceptionFilter
{
public void OnException(ExceptionContext filterContext)
{
if(filterContext.Exception.GetType() == typeof(HttpAntiForgeryException))
{
filterContext.Result = new RedirectResult("/"); // whatever the url that you want to redirect to
filterContext.ExceptionHandled = true;
}
}
}
The ValidateAntiForgeryTokenAttribute will just throw HttpAntiForgeryException. You could use the HandleErrorAttribute to handle this scenario:
[HandleError(
ExceptionType = typeof(HttpAntiForgeryException),
View = "Unauthorized")]
[ValidateAntiForgeryToken]
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult SomeActionThatRequiresToken()
{
return View();
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
