For my MVC5 project I have implemented the default Identity but changed it according to requirements. Now I wanted to redirect unauthorized users to a view which I have created. I created a custom authorize filter. When an unauthorized user enters, it comes to my error view. I can recognize it by the URL. But the problem is that it is not showing the content of the view. Instead it is showing an HTTP 404 error. I have put my code below. I know this has been asked here several times, but I still couldn't solve it. All help appreciated. Thanks in advance!
public class CustomAuthorize : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
        else
        {
            filterContext.Result = new RedirectToRouteResult(new
                RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
        }
    }
}
ErrorController
public class ErrorController : Controller
{
    // GET: Error
    public ActionResult Index()
    {
        return View();
    }

    public ActionResult AccessDenied()
    {
        return View();
    }
}
AccessDenied view
<h2>AccessDenied</h2>
Access Denied
On a particular controller
[CustomAuthorize(Roles = "Admin")]
public class ProductTypeController : Controller
{
}
Error I'm getting
HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
UPDATED QUESTION
Now I want to redirect unauthorized users to the error view and unauthenticated users to the login page. I have put my modified CustomAuthorize below. But it's not working. Please guide me.
public class CustomAuthorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!httpContext.Request.IsAuthenticated)
            return false;
        else
            return true;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new RedirectToRouteResult(new
            RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
    }
}
For redirecting unauthorized users you don't need to customize AuthorizeAttribute. Simply add the following line in the Startup.ConfigureAuth(IAppBuilder app) method or your custom OWIN startup method:
public void ConfigureAuth(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Error/AccessDenied"),
    });
}
But if you want to differentiate between unauthenticated and unauthorized users, write your custom filter like this:
public class MyAuthAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new RedirectResult("/Error/AccessDenied");
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}
Then you could add the login URL in the OWIN startup method:
LoginPath = new PathString("/Account/Login")
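The split described in the answer above, as an added example that is not part of the original question or answer. It goes one step further: authenticated users who lack the role get the AccessDenied view rendered directly with HTTP 403, so no redirect is involved, while unauthenticated users still get 401 and the cookie middleware's redirect to LoginPath. The name RoleAuthorizeAttribute and the view path are assumptions.

```csharp
using System.Net;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Hypothetical attribute name; added example, not code from the question or the answer.
public class RoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var http = filterContext.HttpContext;

        if (!http.User.Identity.IsAuthenticated)
        {
            // Not signed in: the base class returns 401, which the OWIN cookie
            // middleware turns into a redirect to LoginPath.
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // Signed in but lacking the role: answer 403 so clients and logs see
        // a denial rather than a 302 followed by a 200.
        http.Response.TrySkipIisCustomErrors = true; // keep IIS from replacing the body

        if (http.Request.IsAjaxRequest())
        {
            // Script callers get the bare status code, not an HTML page.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            return;
        }

        http.Response.StatusCode = (int)HttpStatusCode.Forbidden;
        // Assumed view location (MVC default convention for ErrorController.AccessDenied).
        filterContext.Result = new ViewResult { ViewName = "~/Views/Error/AccessDenied.cshtml" };
    }
}

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login") // only unauthenticated users land here
        });
    }
}
```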