ASP.Net MVC Redirecting from a partial view from a controller to a full view from another controller

OK, so I have a problem where I need to perform some authorization checks inside a controller action.

There are authorization roles, but it may be that someone has TypeOnePayment but not TypeTwo.

    // AuthorizeAttribute expects a comma-separated role list.
    [Authorize(Roles = "TypeOnePayment,TypeTwoPayment")]
    public ActionResult EnterRevenue(PaymentType payment)
    {
        payment = "TypeOne"; // This exists for show only.
        var permission = string.Concat(payment, "Permission");
        if (!SecurityUtility.HasPermission(permission))
        {
            return View("Unauthorized", "Error");
        }
        return this.PartialView("_EnterRevenue");
    }

But since this returns a partial view, the "Error" screen appears only in the partial view of the page. Is there a way to redirect to a whole new page?

EDIT: EnterRevenue is retrieved through an ajax call. Thus, only html is returned and placed in the view from which it was called.

+6
3 answers

You can redirect to another action:

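    public ActionResult EnterRevenue(PaymentType payment)
    {
        var permission = string.Concat(payment, "Permission");
        if (!SecurityUtility.HasPermission(permission))
        {
            // Redirect to ErrorController.NotAuthorized instead of returning a view.
            return RedirectToAction("NotAuthorized", "Error");
        }
        return this.PartialView("_EnterRevenue");
    }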

Suppose we have an ErrorController with a NotAuthorized action that returns a normal view, which indicates that you do not have permission to view this page.

If you need this check for each action, you need to implement a custom action filter attribute, in which you will have to check whether it is a normal request and redirect, or else return the status as JSON and redirect from the client side. See "asp.net mvc check if user is authorized before accessing page".

Here is the code snippet:

    using System.Web;
    using System.Web.Mvc;
    using System.Web.Security;

    public class AuthorizationAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Check for null before touching the context.
            if (filterContext == null)
            {
                return;
            }

            string actionName = filterContext.ActionDescriptor.ActionName;
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;

            HttpSessionStateBase objHttpSessionStateBase = filterContext.HttpContext.Session;
            var userSession = objHttpSessionStateBase["userId"];

            // No user in the session, or a brand-new session: treat the caller as logged out.
            if (((userSession == null) && (!objHttpSessionStateBase.IsNewSession)) || (objHttpSessionStateBase.IsNewSession))
            {
                objHttpSessionStateBase.RemoveAll();
                objHttpSessionStateBase.Clear();
                objHttpSessionStateBase.Abandon();

                if (filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    // Ajax caller: send 403 and a JSON marker so the client script can redirect.
                    filterContext.HttpContext.Response.StatusCode = 403;
                    filterContext.Result = new JsonResult
                    {
                        Data = "LogOut",
                        // Without AllowGet, JsonResult throws on GET requests.
                        JsonRequestBehavior = JsonRequestBehavior.AllowGet
                    };
                }
                else
                {
                    filterContext.Result = new RedirectResult("~/Home/Index");
                }
            }
            else
            {
                // CheckAccessRight is the application's own permission lookup (not shown here).
                if (!CheckAccessRight(actionName, controllerName))
                {
                    // Set a result instead of calling Response.Redirect, and URL-encode the return URL.
                    string redirectUrl = string.Format("?returnUrl={0}",
                        HttpUtility.UrlEncode(filterContext.HttpContext.Request.Url.PathAndQuery));
                    filterContext.Result = new RedirectResult(FormsAuthentication.LoginUrl + redirectUrl);
                }
                else
                {
                    base.OnActionExecuting(filterContext);
                }
            }
        }
    }

and use it on an action as follows:

    [Authorization]
    public ActionResult EnterRevenue()
    {
        return this.PartialView("_EnterRevenue");
    }
+5

I think that what you need can be reduced to making the ajax call behave differently based on what you are returning to it. The best I have found for this can be summarized as follows:

  • When you find that you do not have permission, add the model error to the model.
  • Override OnActionExecuted (hopefully all your controllers inherit from a base one so that you can do it in one place; if not, it would be a good idea to implement that now). In the override, check if the request is an ajax request and the model state is invalid (if you want, you can check for the specific error that you added in the action method), and change the request status to a 4xx status.
  • In OnFailure of your ajax call, you can redirect to the error page using javascript code.
0
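
The first two answers both end with "redirect from the client side" but show no client code. The following is an added example, not part of the original answers, of that client half using `fetch`. The names `decide` and `loadPartial` are hypothetical, and the two URLs are assumptions modelled on `~/Home/Index` and the `NotAuthorized` action of `ErrorController` mentioned in the first answer.

```javascript
// Added example (not from the original answers). URLs below are assumptions.
const HOME_URL = "/Home/Index";
const UNAUTHORIZED_URL = "/Error/NotAuthorized";

// Pure decision step: what to do with the server's reply to the partial request.
// Redirect targets are fixed constants, never read from the response body.
function decide(status, body, redirected) {
  if (redirected) {
    // A 302 was followed silently, so `body` is a full page, not the partial.
    return { action: "error", message: "unexpected redirect" };
  }
  if (status >= 200 && status < 300) {
    return { action: "render", html: body };
  }
  if (status === 401 || status === 403) {
    let marker = null;
    try { marker = JSON.parse(body); } catch (e) { /* body was not JSON */ }
    // The filter in the first answer sends 403 with the JSON string "LogOut".
    const url = marker === "LogOut" ? HOME_URL : UNAUTHORIZED_URL;
    return { action: "navigate", url: url };
  }
  return { action: "error", message: "request failed with status " + status };
}

// Fetch the partial, then inject it or leave the page. `deps` lets a caller
// (or a test) supply its own fetch and navigation function.
async function loadPartial(url, container, deps = {}) {
  const doFetch = deps.fetch || fetch;
  const navigate = deps.navigate || ((u) => window.location.assign(u));
  const response = await doFetch(url, {
    credentials: "same-origin",
    // Request.IsAjaxRequest() looks for this header; fetch does not send it by default.
    headers: { "X-Requested-With": "XMLHttpRequest" },
  });
  const body = await response.text();
  const result = decide(response.status, body, response.redirected);
  if (result.action === "render") {
    container.innerHTML = result.html; // server-rendered partial from our own origin
  } else if (result.action === "navigate") {
    navigate(result.url); // full-page navigation replaces the whole view
  }
  return result;
}
```

The permission check itself still runs on the server; the script only decides where the browser goes after the server has refused the request.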

Or just use a standard redirect call. This should work everywhere (just don't do this inside a using statement or it will throw an exception in the background):

 Response.Redirect("/Account/Login?reason=NotAuthorised", true); 
0

Source: https://habr.com/ru/post/977434/

