
C# MVC: How to override configured authentication redirect?

I have an MVC application with the following block inside Web.config:

<authentication mode="Forms">
    <forms loginUrl="~/Login" timeout="2880" />
</authentication>

So, if a user requests a page and authorization fails, they will be redirected to ~/Login.

That's fine, and I need it for most of my controllers. However, I have a controller which I'd like to bypass this rule with. How can I allow specific controllers to ignore this rule?

My problem is that in my MVC application (which has several controllers), I have a certain controller which hosts a REST interface (not meant for browser use). Since this controller isn't meant for browser consumption, I don't want it sending back an entire login page (or any page whatsoever actually, just strings or partial views).

Note that I'm using custom [Authorize...] attributes on my actions, and when THESE fail, they redirect to an Error action--but, unfortunately, my Error action (which returns a short string) is being redirected to the Login page because of this configuration setting!

I'm getting dizzy trying to figure this out. What am I doing wrong? I can provide more details if necessary.

Jay Sullivan asked Apr 01 '11 22:04

2 Answers

You could extend the AuthorizeAttribute class and override HandleUnauthorizedRequest; you may want to return a Forbidden HTTP status code rather than a custom message.

using System.Web.Mvc;

public class CustomAuthorizationAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // You need to set this action result to something other than a HttpUnauthorizedResult, 
        // this result will cause the redirection to the login page

        // Forbidden request... does not redirect to login page
        // filterContext.Result = new HttpStatusCodeResult(403);

        filterContext.Result = new ErrorActionResult { ErrorMessage = "Unauthorized Access" };
    }
}

public class ErrorActionResult : ActionResult
{
    public string ErrorMessage { get; set; }

    public override void ExecuteResult(ControllerContext context)
    {
        context.HttpContext.Response.Write(this.ErrorMessage);
    }
}
Rohan West answered Oct 15 '22 19:10
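An added example (not code from either answer): a variant of the attribute approach for a non-browser REST controller that returns 401 to unauthenticated callers and 403 to authenticated callers who fail the role/user check, with no redirect to loginUrl. It assumes .NET 4.5 or later for SuppressFormsAuthenticationRedirect; ApiAuthorizeAttribute and RestController are hypothetical names.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical attribute: use it on the REST controller in place of [Authorize].
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class ApiAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var httpContext = filterContext.HttpContext;

        bool authenticated = httpContext.User != null
            && httpContext.User.Identity != null
            && httpContext.User.Identity.IsAuthenticated;

        // 401: no valid credentials were presented.
        // 403: the caller is known but fails the Roles/Users check,
        //      so logging in again would not change the outcome.
        int status = authenticated ? 403 : 401;

        // .NET 4.5+: keeps FormsAuthenticationModule from turning a 401
        // into a 302 redirect to loginUrl at the end of the request.
        httpContext.Response.SuppressFormsAuthenticationRedirect = true;

        // Keeps IIS from replacing the short body with its own error page.
        httpContext.Response.TrySkipIisCustomErrors = true;

        filterContext.Result = new HttpStatusCodeResult(
            status, authenticated ? "Forbidden" : "Unauthorized");
    }
}

// Hypothetical REST controller: every action still requires authentication,
// but failures come back as bare status codes instead of the login page.
[ApiAuthorize]
public class RestController : Controller
{
    public ActionResult Ping()
    {
        return Content("pong", "text/plain");
    }
}
```

Because the controller stays behind an authorization filter, the other controllers keep the Forms redirect and the REST endpoints are not opened to anonymous users.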


Add the following after your system.web element in Web.config:

<location path="home">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>

This will allow unauthenticated users access to "/home" and thus any actions on the HomeController.

Morten Mertner answered Oct 15 '22 17:10