Mvc 3, jquery ajax authentication and forms

In my MVC3 project, I have a controller with the [Authorize] attribute. I have a non-ajax form view that redirects the user (as expected) to the login screen if he / she is not logged in.

However, now I have a form that submits with jquery ajax, and how can I do the same? Redirect user to login screen if he / she is not authorized? After successful login, the user should redirect to the initial action.

controller

    [Authorize]
    [ValidateInput(false)]
    public JsonResult SubmitChatMessage(string message)
    {
        if (!string.IsNullOrEmpty(message))
        {
            // Do stuff
        }

        // Return all chat messages
        return GetChatMessages();
    }

JQUERY client

    $(document).ready(function () {
        $("form[action$='SubmitChatMessage']").submit(function (event) {
            $.ajax({
                url: $(this).attr("action"),
                type: "post",
                dataType: "json",
                data: $(this).serialize(),
                success: function (response) {
                    // do stuff
                }
            });
            return false;
        });
    });

I see from the firebug console window that the server is returning:

 GET http://domain/Account/LogOn?ReturnUrl=%2fProductDetails%2fSubmitChatMessage 

Looking forward to your help!

UPDATED WITH POSSIBLE SOLUTIONS

+6
2 answers

Yes, this is one of the things I've always hated regarding form authentication in ASP.NET - it doesn't support AJAX authentication at all. Add IIS 401 to the mix and it can be quite a pain.

There are several ways to do this; none of them are particularly “clean.”

These include:

  • Set the ViewBag flag in the controller that corresponds to Request.IsAuthenticated, then rewrite the event of clicking the submit button on the login page if they are not authenticated.

  • Have the AJAX action return a JsonResult that has a property for "code". Code 0 can be success, 1 may be unauthenticated, 2 may be some other data problem, etc. Then check this code in the complete callback of $.ajax and go to the login page.

  • Check the $.ajax jqXHR response object for status code 403 and redirect to the login page.

  • Write a special HTML helper for your submit button that displays either the regular submit button or a binding that goes to the login page, depending on the authentication status.

  • Write a special authorize attribute that checks Request.IsAjaxRequest() and returns a custom JSON object instead of the default behavior of redirecting to the login page (which cannot happen for AJAX requests).

+6
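
One way to write the custom authorize attribute from the last bullet of the answer above, as an added example that is not part of the original answer. The class name AjaxAwareAuthorizeAttribute and the JSON fields code and loginUrl are assumptions; 403 is used as the third bullet suggests.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical attribute: use it in place of [Authorize] on actions called via AJAX.
public class AjaxAwareAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var http = filterContext.HttpContext;

        if (!http.Request.IsAjaxRequest())
        {
            // Normal page request: keep the stock 401 -> login redirect.
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // After login, send the user back to the page that hosted the form,
        // not to the JSON action. Only the path of a same-host referrer is
        // used, so ReturnUrl never carries a foreign host.
        string returnUrl = "/";
        Uri referrer = http.Request.UrlReferrer;
        if (referrer != null && http.Request.Url != null &&
            string.Equals(referrer.Host, http.Request.Url.Host,
                          StringComparison.OrdinalIgnoreCase))
        {
            returnUrl = referrer.PathAndQuery;
        }

        // 403 rather than 401: Forms Authentication turns a 401 into a 302
        // to the login page, which the browser follows before jQuery sees it.
        http.Response.StatusCode = 403;
        // Keep IIS from replacing the JSON body with its own error page.
        http.Response.TrySkipIisCustomErrors = true;

        filterContext.Result = new JsonResult
        {
            Data = new
            {
                code = 1, // 1 = unauthenticated, following the numbering in the answer
                loginUrl = FormsAuthentication.LoginUrl +
                           "?ReturnUrl=" + Uri.EscapeDataString(returnUrl)
            },
            JsonRequestBehavior = JsonRequestBehavior.AllowGet
        };
    }
}
```

On the client, the error callback of $.ajax can check jqXHR.status for 403 and navigate to the loginUrl from the response body. The login action should still validate ReturnUrl with Url.IsLocalUrl before redirecting.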

It is a bit of a pain, to be honest, and even more so, in my opinion, if you use Federated Identity, for example Windows Identity Foundation and/or Azure AppFabric Access Control Service.

Your Ajax calls cannot handle redirection.

My solution / suggestion is that the actions behind your Ajax calls do not use [Authorize], but instead rely on the presence of some value that you insert into Session state from a controller action that has [Authorize] (usually the controller action method that was called to display the view). You know that the value could not have got into Session state if the user was not authenticated (and the session was not completed). The call to your Ajax method fails if this value is missing, returning a specific JSON result that you can handle gracefully in your client code.

Using [Authorize] on the Ajax controller method causes strange, often hidden errors (for example, the disappearance of updates).

0

Source: https://habr.com/ru/post/893991/

