Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.Net MVC Authorisation action filter

I'm trying to understand how error handling works when using the Authorize [Authorize] Action Filter in MVC Preview 4.

I have an action that looks like this:

[Authorize(Roles = "DOMAIN\\NOTAUTHORISED_ROLE" )]
[HandleError]
public ActionResult NeedAuthorisation()
{
    throw new NotImplementedException();
}

When I visit the url: http://localhost:2197/testAuthorisation/NeedAuthorisation, I get a blank page in my browser. In Firebug I can see that a request was made and a response-status of 401 - Unauthorised has been returned. But I'm not being redirected or having a customError returned. Everything works as expected when using a role that I'm authorized for.

This is using Windows authentication. I'm in the middle of writing some code to try out Forms authentication to see if I get the same issue. I have <customerrors mode="On"/> set and have created error pages, both in the testAuthorisation folder and the Shared folder.

like image 657
Lewis Avatar asked Jan 29 '09 11:01

Lewis


People also ask

What is authentication filter in MVC?

Authentication Filter is a new feature in MVC 5 this filter run before any other filter, this filter is used to authenticate User which was not there in older version [MVC 4] there we were using Authorization filter or Action filter to Authenticate User, now new updated of MVC 5 this cool feature is available.

What are the action filters in MVC?

ASP.NET MVC provides Action Filters for executing filtering logic either before or after an action method is called. Action Filters are custom attributes that provide declarative means to add pre-action and post-action behavior to the controller's action methods.

How authorization works in ASP.NET MVC?

The Authorize Attribute In ASP.NET MVC, any incoming request is bound to a controller/method pair and served. This means that once the request matches a supported route and is resolved to controller and method, it gets executed no matter what.


1 Answers

I eventually found this MVC tutorial which solved my problem:

Exactly what happens when you attempt to invoke a controller action without being the right permissions depends on the type of authentication enabled. By default, when using the ASP.NET Development Server, you simply get a blank page. The page is served with a 401 Not Authorized HTTP Response Status.

like image 140
Lewis Avatar answered Sep 27 '22 18:09

Lewis