ASP.NET MVC : Response.Redirect(url, TRUE) does not stop request processing

Question

I have a method decorated with two custom ActionFilterAttribute.

[RequiresAuthentication(Order = 1)]
[ToonAction(Order = 2)]
public ActionResult Browse(...
         


        

Answer 1

You want to set the Result on the filterContext to a RedirectResult, not do a redirect on the response.

 filterContext.Result = new RedirectResult { Url = loginUrl };

EDIT: As @Hunter Daley suggests a better mechanism would be to use the AuthorizeAttribute instead if it works for you. If you do have authentication/authorization scenarios that the AuthorizeAttribute doesn't work for, it would probably be better to derive your custom attribute from it instead of the more generic ActionFilterAttribute. In any event, the correct technique is to set the Result rather than interact with the Response directly. You might want to look at the actual AuthorizeAttribute source at http://www.codeplex.com/aspnet for ideas.

I've got a sample of custom authorization code on my blog, http://farm-fresh-code.blogspot.com, too.