All geek questions in one place

Message about sending MVC from the form after forwarding the login when the submit button is clicked

How can you have a form that does not require the user to log in until he clicks the "Submit" button, and at that moment he will send the form if the user is logged in, and otherwise redirects the login page. Then after a successful login, the user submits the original form? The original form also contains the <input type = "file"> element, and the file should not be uploaded unless the user is logged on.

+4
source share
3 answers

It turns out that I can’t do what I wanted, because this is a security risk programmatically filling the <input type = file> field and is not allowed.

+1
source

MVC handles this script. Just set the "[Authorize]" attribute only in the post action form, which has [HttpPost]. When submitting the form when the user is not logged in, he will be redirected to the action of logging into the Account Controller (/ Account / Login), and the login window will be displayed; this is because it is set so in web.config. Along with this redirection, the query string parameter "ReturnUrl = / orginalform" is also added. Then, the login action in MVC logs in and redirects the user back to the original form.

Update: here is the code that should go in the user attribute that will capture the form data if you need to save the form data (this is not verified, only compiled)

  public class CustomAuthorizeAttribute : AuthorizeAttribute { public override void OnAuthorization( AuthorizationContext filterContext) { if (!filterContext.HttpContext.User.Identity.IsAuthenticated) { string loginUrl = "/Account/Login"; //Get this from web.config instead of hardcode if (filterContext.HttpContext.Request != null) { loginUrl += "?ReturnUrl=" + filterContext.HttpContext .Request .Url .AbsoluteUri; foreach(var formData in filterContext.HttpContext.Request.Form) { loginUrl += "&"+formData.ToString(); } } filterContext.Result = new RedirectResult( loginUrl ); } } }

You may need some changes in the action after logging in. In addition, the return get get action should retrieve the form data from the uri [FromUri] and display the form again.

+2
source

I know this is an old post, I hope my experience will help someone:

I have two submit buttons and a general method that is called to process the form submission from both of them - conditional statements check which button submits the form.

On a button that requires user authentication, it returned HttpUnauthorizedResult() to return the user to the login page. After entering the system, the user will be sent back to the form with the field values ​​filled in, since they are stored in the TempData record, but the user still needs to click the button again to send the data.

So, I added a boolean variable called TempData called AutoSave , which will be set right before HttpUnauthorizedResult() returns. I test it before loading the form again, and if AutoSave == true , I just redirect the method that processes the view. It works like a charm.

Here is an example code:

 private ActionResult ProcessOnlineApplication(OnlineApplicationViewModel application){ //if not submit make sure it save. if (application.SubmitAction == "Save"))) { if(!User.Identity.IsAuthenticated) { //Keep a copy of the application until logged in TempData["PendingOnlineApplication"] = application; TempData["AutoSave"] = true; return new HttpUnauthorizedResult(); } else{ //Everything goes here } } } public ActionResult OnlineApplicationForm(){ var viewModel = TempData["PendingOnlineApplication"] as OnlineApplicationViewModel; if (TempData.ContainsKey("AutoSave") && Convert.ToBoolean(TempData["AutoSave"]) && viewModel != null) { TempData["AutoSave"] = false; return ProcessOnlineApplication(viewModel); } if (viewModel == null) { viewModel = CreateModel(); } return GetOnlineApplicationAction(viewModel); }
+1
source

Source: https://habr.com/ru/post/1446606/

More articles:


All Articles