
ASP.NET MVC redirect to an access denied page using a custom role provider

I'm creating a custom role provider and I set an Authorize attribute specifying a role in my controller, and it's working just fine, like this:

```csharp
[Authorize(Roles="SuperAdmin")]
public class SuperAdminController : Controller ...
```

But when a user doesn't have access to this controller, he's redirected to the login page. How can I redirect him to an "AcessDenied.aspx" page?

André Miranda asked Aug 14 '09 19:08


2 Answers

```csharp
[AccessDeniedAuthorize(Roles="SuperAdmin")]
public class SuperAdminController : Controller
{
    // controller actions
}
```

AccessDeniedAuthorizeAttribute.cs:

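```csharp
using System.Web.Mvc;

public class AccessDeniedAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Run the built-in user/role check first.
        base.OnAuthorization(filterContext);

        // The base class sets an HttpUnauthorizedResult when the check fails;
        // replace it with a redirect to the access denied page.
        if (filterContext.Result is HttpUnauthorizedResult)
        {
            filterContext.Result = new RedirectResult("~/AcessDenied.aspx");
        }
    }
}
```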
eu-ge-ne answered Sep 19 '22 21:09


Here's my solution, based on eu-ge-ne's answer. Mine correctly redirects the user to the Login page if they are not logged in, but to an Access Denied page if they are logged in but are unauthorized to view that page.

```csharp
[AccessDeniedAuthorize(Roles="SuperAdmin")]
public class SuperAdminController : Controller
{
    // controller actions
}
```

AccessDeniedAuthorizeAttribute.cs:

```csharp
using System.Web.Mvc;

public class AccessDeniedAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Run the built-in user/role check first.
        base.OnAuthorization(filterContext);

        // Not logged in: send the user to the login page.
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new RedirectResult("~/Account/Logon");
            return;
        }

        // Logged in but failed the role check: send the user to Access Denied.
        if (filterContext.Result is HttpUnauthorizedResult)
        {
            filterContext.Result = new RedirectResult("~/Account/Denied");
        }
    }
}
```

AccountController.cs:

```csharp
public ActionResult Denied()
{
    return View();
}
```

Views/Account/Denied.cshtml: (Razor syntax)

```cshtml
@{
    ViewBag.Title = "Access Denied";
}

<h2>@ViewBag.Title</h2>

Sorry, but you don't have access to that page.
```
Matt Frear answered Sep 17 '22 21:09
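
A variant of the login/denied split described in the second answer, added here as an example and not taken from either answer: it overrides `HandleUnauthorizedRequest` (the hook `AuthorizeAttribute` calls when its check fails) and answers with HTTP 403 instead of a redirect, so logs and AJAX callers see the denial. It assumes forms authentication is configured and that a shared view named `Denied` exists (for example `Views/Shared/Denied.cshtml`).

```csharp
using System.Web.Mvc;

// Added example, not the answers' code.
public class AccessDeniedAuthorizeAttribute : AuthorizeAttribute
{
    // Assumption: a view with this name is reachable from every controller.
    private const string DeniedViewName = "Denied";

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var http = filterContext.HttpContext;

        if (!http.User.Identity.IsAuthenticated)
        {
            // Not signed in: keep the default 401 result. Forms authentication
            // turns it into a redirect to the configured login URL.
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        if (http.Request.IsAjaxRequest())
        {
            // Script callers get a bare 403 rather than an HTML page.
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }

        // Signed in but missing the role: render the denied view with a 403
        // status, so the response is recorded as a denial and not as a
        // 302 followed by a 200.
        http.Response.StatusCode = 403;
        // Keep IIS from swapping the rendered view for its own error page.
        http.Response.TrySkipIisCustomErrors = true;
        filterContext.Result = new ViewResult { ViewName = DeniedViewName };
    }
}
```

Because only `HandleUnauthorizedRequest` is overridden, the base class's own `OnAuthorization` logic, including its output-cache validation, is left unchanged.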