Best way to abort/cancel action from ActionFilter
I've got this ActionFilter
, and it's supposed to end the connection immediately and return a 401 Unau
The answer from @OdeyinkaOlubunmi is correct for Web API, or specifically System.Web.Http.Filters.ActionFilterAttribute, but it can't be used for System.Web.Mvc.ActionFilterAttribute. AuthorizeAttribute and overriding AuthorizeCore is a good way to go, but if you use @Vadim's example for a GlobalFilter you will end up with the following error in a standard configuration:
HTTP Error 404.15 - Not Found The request filtering module is configured to deny a request where the query string is too long.
This is because the default /Login?ReturnUrl= will keep appending new values until the query string causes an exception.
The way I have solved it for MVC is like this:
    using System.Net;
    using System.Web.Mvc;

    public class DebugActionFilter : System.Web.Mvc.ActionFilterAttribute
    {
        public override void OnActionExecuting(System.Web.Mvc.ActionExecutingContext actionContext)
        {
            // Assigning Result cancels the action and returns 401 without a login redirect loop.
            actionContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
            return;
        }
    }
Using .NET Core 2.1, the solutions above did not work for me, so I tried this and it worked:
    context.HttpContext.Response.StatusCode = 401;
    return;
If there are better solutions for .NET Core 2.1, I am open to suggestions.
On .NET Core 2.2, 3.0 and 3.1, the example below works fine:
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        context.Result = new UnauthorizedObjectResult("user is unauthorized");
    }
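For the ASP.NET Core answers above, the following is an added example (not code from any of the original posts) showing the two ways an action filter stops the action: assigning `context.Result` in a synchronous filter, and not calling `next()` in an asynchronous one. The filter and controller names and the `User.Identity` check are assumptions made for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical names throughout; the IsAuthenticated check is an assumed policy.

// Synchronous form: the pipeline skips the action only when Result is assigned.
public class RequireSignInAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        var identity = context.HttpContext.User?.Identity;
        if (identity == null || !identity.IsAuthenticated)
        {
            // Assigning Result short-circuits: the action and any later action
            // filters do not run, and UnauthorizedResult writes the 401 itself.
            context.Result = new UnauthorizedResult();
            return;
        }
        // Setting only context.HttpContext.Response.StatusCode leaves Result
        // null, so a synchronous filter would still let the action execute.
    }
}

// Asynchronous form: the action runs only when next() is awaited.
public class RequireSignInAsyncFilter : IAsyncActionFilter
{
    public async Task OnActionExecutionAsync(
        ActionExecutingContext context, ActionExecutionDelegate next)
    {
        var identity = context.HttpContext.User?.Identity;
        if (identity == null || !identity.IsAuthenticated)
        {
            context.Result = new UnauthorizedResult();
            return; // next() is never called, so the action is skipped
        }
        await next();
    }
}

// Usage on a controller (hypothetical):
[RequireSignIn]
public class ReportsController : ControllerBase
{
    [HttpGet("/reports")]
    public IActionResult Get() => Ok("only reached when authenticated");
}
```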
You can set the result of filterContext for the Exception page like this:
    filterContext.Result = new RedirectResult("~/Error/Unauthorized");
See more details here, in the section Canceling Filter Execution.
You probably want to make it an AuthorizeAttribute. That will set the result to be an UnAuthorizedResult automatically, plus it has the benefit of being run before any other filters. Alternatively you can set the Result to be a new HttpUnauthorizedResult.
    using System.Web;
    using System.Web.Mvc;

    public class SignInRequiredAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Authorized only when there is a current user.
            return Acme.Web.CurrentUser != null;
        }
    }
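Setting the response will mean the action doesn't get called.
    using System.Net;
    using System.Net.Http;
    using System.Web.Http.Controllers;

    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        // A non-null Response stops Web API from invoking the action.
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }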
As other answers have said, though, authentication should be done with an AuthorizeAttribute (Docs for Web.API or for MVC).