[Authorize] attribute is nice and handy MS invention, and I hope it can solve the issues I have now
To be more specific:
When current client isn't authenticated - [Authorize] redirects from secured action to logon page and after logon was successful - brings user back, this is good.
But when current client already authenticated but not authorized to run specific action - all I need is to just display my general 403 page.
Is it possible without moving authorization logic within controller's body?
Update:
The behavior I need in should be semantically equals to this sketch:
public ActionResult DoWork()
{
if (!NotAuthorized())
{
// this should be not redirect, but forwarding
return RedirectToAction("403");
}
return View();
}
so - there should no any redirect and url should be stay the same, but contents of the page should be replaced with 403-page
Update 2: I implemented sketch in this way:
[HandleError]
public class HomeController : Controller
{
public ActionResult Index()
{
ViewData["Message"] = "Welcome to ASP.NET MVC!";
return View();
}
[CustomActionFilter]
public ActionResult About()
{
return View();
}
public ActionResult Error_403()
{
return Content("403");
}
}
public class CustomActionFilter : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.Result = new ContentResult { Content = "403" };
}
}
And can't get how to properly forward execution to HomeController.Action_403() so it display 403.
Update 3:
filterContext.Result = new ViewResult() { ViewName = "Error_403" };
so this is an answer on how to render specific view template... but still have no idea how to run another controller - anyway, it's enough good solution.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
