On the ASP.NET MVC site that I create, I have some methods in which the users who use them must be in a certain role (as it happens if they are not, this means that they are suspended from the site) . For this, I use the attribute [Authorize(Roles="RoleName")]without any difficulty.
However, I don’t quite understand what happens to users who fail the test [Authorize]? What did they show?
I want to redirect blocked users to another action if they try to use these methods. At the moment, I am using an empty attribute [Authorize](without any roles), and then checking the action code, whether the user is part of the role or not.
My approach seems like a code smell to me. Is it possible to indicate what to show the user (or where to redirect them) if they do not pass the check [Authorize]?
source
share