Controller login redirection

Starting with the ASP.NET 5 web application template using individual user accounts, I was able to get external authentication that works with Microsoft accounts. When users click "Login", they are redirected to ExternalLogin in the AccountController, like this:

    <form asp-controller="Account" asp-action="ExternalLogin" method="post" asp-route-returnurl="@ViewData["ReturnUrl"]" class="nav navbar-right">
        <button type="submit" class="btn btn-null nav navbar-nav navbar-right" name="provider" value="Microsoft" title="Log in"><span class="fa fa-sign-in"/>&nbsp; Log In</button>
    </form>

This allows them to log in using their Microsoft account, and everything seems to be working fine. But how do I intercept direct attempts to access privileged actions [Authorize] so that the user is redirected to ExternalLogin? Can I set a default action in Startup.cs?

EDIT 1: Trying to follow @Yves's recommendations, I created a CustomAutorizationFilter in the Filters folder. It does not check for any conditions.

    public class CustomAutorizationFilter : IAuthorizationFilter
    {
        public void OnAuthorization(Microsoft.AspNet.Mvc.Filters.AuthorizationContext context)
        {
            //if (...) // Check your conditions here
            //{
            context.Result = new RedirectToActionResult("ExternalLogin", "Account", null);
            //}
        }
    }

and edited ConfigureServices as shown below:

    services.AddMvc(config =>
    {
        config.Filters.Add(typeof(Filters.CustomAutorizationFilter));
    });

When I launch the application locally, it no longer goes to the main page. It returns an empty http://localhost:52711/Account/ExternalLogin

Obviously, I do not understand.

Edit 2: Here is the signature of ExternalLogin

    // POST: /Account/ExternalLogin
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public IActionResult ExternalLogin(string provider, string returnUrl = null)

Here's how ExternalLogin goes out of the box in the ASP.Net 5 Web Application Template.

+5
2 answers

Since I was unable to get the CustomAuthorizationFilter suggested by @Yves to work, I resorted to a nasty hack. I changed the AccountController Login action as below:

    // GET: /Account/Login
    [HttpGet]
    [AllowAnonymous]
    public IActionResult Login(string returnUrl = null)
    {
        ViewData["ReturnUrl"] = returnUrl;
        return RedirectToAction(nameof(ExternalLogin), new { provider = "Microsoft", returnUrl = returnUrl });
        //return View();
    }

It seems to work, but I will be grateful for any feedback or advice if there is a better way.

+2

To do this, you can register implementations of IAuthorizationFilter or IActionFilter. In these filters you can check if the request is trying to access a privileged action and if the user is registered or has sufficient permission to execute it.

If you are using AuthorizeAttribute, I suggest you use an AuthorizationFilter. If you go with your own custom attributes, use an ActionFilter.

Here is an example:

MVC calls the IAuthorizationFilter.OnAuthorization method before each action.

    public class CustomAuthorizationFilter : IAuthorizationFilter
    {
        public void OnAuthorization(Microsoft.AspNet.Mvc.Filters.AuthorizationContext context)
        {
            if (...) // Check your conditions here
            {
                context.Result = new RedirectToActionResult("ExternalLogin", "Account", null);
            }
        }
    }

To register this filter, change your ConfigureServices method in Startup.cs:

    services.AddMvc(config =>
    {
        config.Filters.Add(typeof(CustomAuthorizationFilter));
    });

Or if you want to use your own attributes, you can use the ActionFilter OnActionExecuting method to check if everything happens as you wish ...

+3
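
A filter with its conditions filled in, as an added example that is not part of either answer or of the ASP.NET template: it skips [AllowAnonymous] actions and signed-in users, and sends every other request to the GET Login action with a returnUrl. The class name RedirectAnonymousFilter is hypothetical, and the code assumes the Microsoft.AspNet.Mvc.Filters API of the ASP.NET 5 release candidates, in particular that [AllowAnonymous] appears as an IAllowAnonymousFilter in context.Filters.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Filters;

// Added example; RedirectAnonymousFilter is a hypothetical name.
public class RedirectAnonymousFilter : IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext context)
    {
        // 1. Leave [AllowAnonymous] actions alone. Login, ExternalLogin and the
        //    provider callback must stay reachable without a session, otherwise
        //    a globally registered filter redirects the login flow itself.
        //    Assumption: [AllowAnonymous] surfaces as an IAllowAnonymousFilter.
        if (context.Filters.Any(f => f is IAllowAnonymousFilter))
        {
            return;
        }

        // 2. Leave signed-in users alone; role and policy checks remain the
        //    job of [Authorize].
        var user = context.HttpContext.User;
        if (user != null && user.Identities.Any(i => i.IsAuthenticated))
        {
            return;
        }

        // 3. Anonymous request for a protected action: send the browser to
        //    the GET Login action. ExternalLogin as shown in the question is
        //    [HttpPost] with [ValidateAntiForgeryToken], and a redirect is
        //    followed with GET, so it is not used as the target here.
        var request = context.HttpContext.Request;
        var returnUrl = request.PathBase.Value + request.Path.Value + request.QueryString.Value;

        // returnUrl comes from the request line, which the client controls
        // (a path such as //host is not local), so the action that consumes
        // it after sign-in must validate it with Url.IsLocalUrl.
        context.Result = new RedirectToActionResult(
            "Login",
            "Account",
            new Dictionary<string, object> { { "returnUrl", returnUrl } });
    }
}
```

Registered through config.Filters.Add as shown above, this filter runs for every action, so any page that should stay public needs [AllowAnonymous].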

Source: https://habr.com/ru/post/1241330/

