I'm creating a web application using ASP.NET MVC 4 and C#.
I want all users to be logged in before using the application.
I'm using ASP.NET Membership with a c
I know this question already has an answer but if the intention is to lock down the whole app except for a select few controller actions then I feel like this is a better solution ...
In the startup / init for your app add ...
httpConfig.Filters.Add(new AuthorizeAttribute());
... then on actions you DON'T want to secure ...
[AllowAnonymous]
public ActionResult Hello() { return View(); }
You could write a custom [Authorize] attribute. Then simply decorate controllers/actions with it or if all actions require authorization you could register it as a global action filter.
Put [Authorize] over each action that you want only logged in users accessing. You can also do this at the controller level, making all actions within the controller secured. The latter is probably best for you, since you probably only want all of your pages disabled for guests.
Here's what the class-level one looks like:
[Authorize]
public class SomethingController : Controller
{
    //...
}
and here's an action-level one:
public class SomethingController : Controller
{
    [Authorize]
    public ActionResult SomeAction(Parameter someParameter)
    {
        //...
    }
}
Another way to do it, if all or most of your pages use the same master page, is to put:
<script type="text/javascript">
@if (!Request.IsAuthenticated) {
    <text>window.location.href = redirectURL;</text>
}
</script>
or if you aren't using Razor syntax,
<script type="text/javascript">
<% if (!Request.IsAuthenticated) { %>
    window.location.href = redirectURL;
<% } %>
</script>
in the master page. That way, all pages which use that master page will redirect elsewhere if the user is not logged in. This only applies if you are using the built-in authentication, though. NOTE: This option is far less secure than the first option. Use this only if site security is not a big concern.
You can put the [Authorize] attribute on your controller or on single methods in your controller, so you can choose who can open the actions and with what permissions. You can also authorize with roles, like [Authorize(Roles="Admin")], where you will authorize only users in the admin role to access your action/controller. For example:
[Authorize(Roles="SimpleUser")] // or, with no roles, [Authorize]
public ActionResult Index()
{
    return View();
}
[Authorize]
[HttpPost]
public ActionResult Index(FormCollection form)
{
    // ... whatever logic
    return View();
}
Hope this helps ;]
Use [Authorize] at the class level.
If you want to allow anonymous access to some actions, use [AllowAnonymous].
Sure, decorate your actions or the whole class with [Authorize] and it will require that the user is logged in first.
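Once [Authorize] is applied globally as the answers above describe, every [AllowAnonymous] is an explicit hole in the lock-down, so it is worth checking that only the intended actions carry it. The following audit is an added example, not code from any of the answers; the allowlist entries and the class name AnonymousActionAudit are hypothetical, and it assumes actions are not renamed with [ActionName].

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

public static class AnonymousActionAudit
{
    // Constructed allowlist (hypothetical names): the only actions that
    // may be reachable without logging in.
    private static readonly HashSet<string> Expected = new HashSet<string>
    {
        "AccountController.Login",
        "HomeController.Hello"
    };

    // Returns "Controller.Action" for every action that opts out of the
    // global AuthorizeAttribute but is not on the allowlist.
    public static List<string> FindUnexpected(Assembly webAssembly)
    {
        var unexpected = new List<string>();
        var controllers = webAssembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t));

        foreach (Type controller in controllers)
        {
            // [AllowAnonymous] on the class exempts every action in it.
            bool wholeClass = controller.IsDefined(typeof(AllowAnonymousAttribute), true);

            // Same shape of filter MVC uses to pick action methods: public
            // instance methods not inherited from Controller or object.
            var actions = controller
                .GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName
                    && !m.GetBaseDefinition().DeclaringType.IsAssignableFrom(typeof(Controller))
                    && !m.IsDefined(typeof(NonActionAttribute), true));

            foreach (MethodInfo action in actions)
            {
                bool anonymous = wholeClass
                    || action.IsDefined(typeof(AllowAnonymousAttribute), true);
                string name = controller.Name + "." + action.Name;
                if (anonymous && !Expected.Contains(name) && !unexpected.Contains(name))
                    unexpected.Add(name);
            }
        }
        return unexpected;
    }
}
```

Call FindUnexpected from a unit test with the web project's assembly and fail the build if the returned list is not empty.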