I am working on a site that makes use of jquery modal dialogs to do various things like logging in and such.
However; we have one slight issue with the use of these.. which is we are using the [Authorize] attribute on a lot of our action methods and so what is happening is if the user is not logged in and hits a route that they need to be authorized for it shows the login page like it is suppose to but obviously this is suppose to be a modal.
Anyhow long story short, is there a way to create a custom authorize attribute that can trigger the modal instead of the actual view that makes up the login modal?
In MVC, the 'Authorize' attribute handles both authentication and authorization. In general, it works well, with the help of extension to handle AJAX calls elegantly, and to distinguish between unauthorized users and those who are not logged in.
The Authorize attribute enables you to restrict access to resources based on roles. It is a declarative attribute that can be applied to a controller or an action method. If you specify this attribute without any arguments, it only checks if the user is authenticated.
The Authorization Filter provides two built-in attributes i.e. Authorize and AllowAnonymous which we can use as per our business requirement.
In this case you can use a custom action filter attribute that opens a popup if the user is not authorized.
In this action filter just check if user is logged in and add a boolean value to the ViewData collection.
Aplly the attribute on the controller's action.
Then in the master page add conditional rendering of code that opens the popup.
The code for the attribute:
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class PopupAuthorizeAttribute : AuthorizeAttribute
{
private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
{
validationStatus = this.OnCacheAuthorization(new HttpContextWrapper(context));
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
bool isAuthorized = false;
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (this.AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(this.CacheValidateHandler), null);
isAuthorized = true;
}
filterContext.Controller.ViewData["OpenAuthorizationPopup"] = !isAuthorized;
}
}
In the master page or other common view add conditional rendering:
<% if((bool)(ViewData["OpenAuthorizationPopup"] ?? true)) { %>
...Your code to open the popup here...
<% } %>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With