在ASP.NET MVC中重定向未经授权的控制器

在ASP.NET MVC中重定向未经授权的控制器

创建基于AuthorizeAttribute的自定义授权属性，并覆盖OnAuthorization来执行检查 *** 作的方式。通常，如果授权检查失败，则AuthorizeAttribute会将过滤结果设置为HttpUnauthorizedResult。您可以将其设置为（错误视图的）ViewResult。

编辑 ：我有几个博客文章，将更详细地介绍：

• http://farm-fresh-pre.blogspot.com/2011/03/revisiting-custom-authorization-in.html
• http://farm-fresh-pre.blogspot.com/2009/11/customizing-authorization-in-aspnet-mvc.html

例：

    [AttributeUsage( AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false )]    public class MasterEventAuthorizationAttribute : AuthorizeAttribute    {        /// <summary>        /// The name of the master page or view to use when rendering the view on authorization failure.  Default        /// is null, indicating to use the master page of the specified view.        /// </summary>        public virtual string MasterName { get; set; }        /// <summary>        /// The name of the view to render on authorization failure.  Default is "Error".        /// </summary>        public virtual string ViewName { get; set; }        public MasterEventAuthorizationAttribute() : base()        { this.ViewName = "Error";        }        protected void CachevalidateHandler( HttpContext context, object data, ref HttpValidationStatus validationStatus )        { validationStatus = onCacheAuthorization( new HttpContextWrapper( context ) );        }        public override void onAuthorization( AuthorizationContext filterContext )        { if (filterContext == null) {     throw new ArgumentNullException( "filterContext" ); } if (AuthorizeCore( filterContext.HttpContext )) {     SetCachePolicy( filterContext ); } else if (!filterContext.HttpContext.User.Identity.IsAuthenticated) {     // auth failed, redirect to login page     filterContext.Result = new HttpUnauthorizedResult(); } else if (filterContext.HttpContext.User.IsInRole( "SuperUser" )) {     // is authenticated and is in the SuperUser role     SetCachePolicy( filterContext ); } else {     ViewDataDictionary viewData = new ViewDataDictionary();     viewData.Add( "Message", "You do not have sufficient privileges for this operation." );     filterContext.Result = new ViewResult { MasterName = this.MasterName, ViewName = this.ViewName, ViewData = viewData }; }        }        protected void SetCachePolicy( AuthorizationContext filterContext )        { // ** importANT ** // Since we're performing authorization at the action level, the authorization pre runs // after the output caching module. In the worst case this could allow an authorized user // to cause the page to be cached, then an unauthorized user would later be served the // cached page. We work around this by telling proxies not to cache the sensitive page, // then we hook our custom authorization pre into the caching mechanism so that we have // the final say on whether a page should be served from the cache. HttpCachePolicybase cachePolicy = filterContext.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge( new TimeSpan( 0 ) ); cachePolicy.AddValidationCallback( CachevalidateHandler, null );        }    }