All geek questions in one place

Authorize login URL in asp.net MVC 3

I am working on an Asp.Net MVC 3 application. I created an administration area for the site and applied the [Authorized] attribute to the actionmethods after logging in. When I try to access these URLs directly without logging in, such as admin / home or admin / productlist, I am redirected to / Home / Login with an authentication error. I want to redirect to admin / login.

Please offer. Thanks

+6
source share
3 answers

The login URL for ASP.NET applications (including MVC3) is managed in web.config in the forms authentication section:

 <configuration> <system.web> <authentication mode="Forms"> <forms loginUrl="~/Home/Login" timeout="2880" /> </authentication> </system.web> </configuration>

The trick is that you need two different login URLs. ASP.NET has a great feature in which you can have a web.config file in every directory of your project, and as needed it will use the most specific settings that it can find, right up to the root web.config. So, in the folder where you have your administrative views ("Admin", I suppose), you should be able to create a second web.config that will only apply to these pages and below in the tree:

 <configuration> <system.web> <authentication mode="Forms"> <forms loginUrl="~/Admin/Login" timeout="2880" /> </authentication> </system.web> </configuration>
+7
source

If this is Stock MVC 3 authorization, then, like many others, I had problems with the wrong URL set for the LogOn action ... For some reason, the authorization is trying to send the user to the account \ Log in and view the submissions the entry says that there really is no β€œLogin” view, it’s called β€œLogOn”, so you need to fix it in the Web.config file with the following:

  <add key="loginUrl" value="~/Account/LogOn" />
+8
source

You can override your authorization authorization filter to resolve these issues. For example, you can check not only roles, but also specific permissions and redirect to different URLs. And also with this approach you can take into account the routing configuration.
Take a look at this answer: asp.net mvc Add to AUTHORIZE attribute

0
source

Source: https://habr.com/ru/post/898425/

More articles:


All Articles