I have created a custom AuthorizationAttribute which I'm placing on my controllers. I followed this article. I've implemented custom authorization logic in the OnAuthorization method and this works fine. When the user fails authorization I'm currently doing the following:
// if authorization check fails...
filterContext.Result = new HttpUnauthorizedResult();
This displays a username/password prompt.
My question is: what is the recommended way to send the user to an "Access Is Denied" type page when they fail authorization?
I am using MVC3.
On the login page, you can check if the user is already logged in and display an access denied message instead of the login prompt.
In the end I went for a straight redirect:
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // ...
    // if authorization check fails...
    filterContext.Result = new RedirectResult(AccessDeniedPage);
}
Edit: Rob Conery has a very good article describing this in detail with ASP.NET MVC: Securing Your Controller Actions
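An added example, not code from either answer: it combines the two suggestions above by sending signed-in users who fail the check to an access-denied page while anonymous users still get the normal 401/login flow. It overrides AuthorizeCore and HandleUnauthorizedRequest instead of OnAuthorization, so the base AuthorizeAttribute keeps its output-cache validation. The class name, the "~/Error/AccessDenied" URL and the IsAllowed role check are assumptions for illustration.

```csharp
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute name; not from the original posts.
public class AccessDeniedAuthorizeAttribute : AuthorizeAttribute
{
    // Assumed location of the "Access Is Denied" page.
    public string AccessDeniedUrl { get; set; }

    public AccessDeniedAuthorizeAttribute()
    {
        AccessDeniedUrl = "~/Error/AccessDenied";
    }

    // Custom checks live here rather than in OnAuthorization, so the base
    // class still registers its cache validation callback and an
    // output-cached page is not served to a user who fails the check.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Base check: authenticated, plus any Users/Roles set on the attribute.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }
        return IsAllowed(httpContext);
    }

    // Placeholder for the application's own rule (hypothetical role name).
    protected virtual bool IsAllowed(HttpContextBase httpContext)
    {
        return httpContext.User.IsInRole("Admin");
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user != null && user.Identity.IsAuthenticated)
        {
            // Signed in but not permitted: a login prompt would not help.
            filterContext.Result = new RedirectResult(AccessDeniedUrl);
        }
        else
        {
            // Anonymous: keep the default 401 so the login flow runs.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}
```

The redirect answers with a 302 followed by a 200 page, so API clients and log-based monitoring will not see a 403 for these denials unless the access-denied action sets that status itself.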