C# - ASP.NET Identity - Not Authorized Page
I'm trying to plug into the default switch statement in AccountController and redirect the user to a "Not Authorized" page if they aren't in the admin role.
Default code:
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
        switch (result)
        {
            case SignInStatus.Success:
                return RedirectToLocal(returnUrl);
            case SignInStatus.LockedOut:
                return View("Lockout");
            case SignInStatus.RequiresVerification:
                return RedirectToAction("SendCode", new { ReturnUrl = returnUrl });
            case SignInStatus.Failure:
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
        }
    }

Here's what I'm trying to add to the SignInStatus.Success case of the switch statement:
    switch (result)
    {
        case SignInStatus.Success:
            // After a successful login, check whether the user is not in the admin role.
            // `user` is assumed to have been loaded earlier in the action (not shown in the post).
            if (!UserManager.IsInRole(user.Id, "admin"))
            {
                // Send to the Not Authorized page
                return View("NotAuthorized");
            }
            // Successful login with the admin role
            else
            {
                // Return to where they came from
                return RedirectToLocal(returnUrl);
            }
        case SignInStatus.LockedOut:
            // Lockout settings are in IdentityConfig.cs
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl });
        case SignInStatus.Failure:
        default:
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
    }

This works fine if I start out at account/login, but if the URL has a returnurl attached, I can't redirect to the Not Authorized page.
For example, I have an admin controller that looks like this.
    [Authorize(Roles = "admin")]
    public class AdminController : Controller
    {
        // GET: Admin
        public ActionResult Index()
        {
            return View();
        }
    }

If I try to go directly to the admin page when not logged in, the page redirects to account/login and the URL is http://localhost:51250/account/login?returnurl=%2fadmin, and the redirect to NotAuthorized during login won't work. If the URL looks like http://localhost:51250/account/login, the redirect to NotAuthorized will work.
It should ignore the return URL when going through the switch statement, so I don't see what I'm missing.
You aren't doing a redirect. You are telling it to use the NotAuthorized view for the Login action. To redirect, use RedirectToAction().
    return RedirectToAction("NotAuthorized");

You need to add a NotAuthorized action in the Account controller if you don't have one.
    [AllowAnonymous]
    public ActionResult NotAuthorized()
    {
        return View();
    }
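
An added example, not part of the original question or answer: the role check in Login only runs at sign-in, so a user who is already signed in without the admin role and opens /admin is still sent back to the login page by the default [Authorize] handling. One way to send that user to the NotAuthorized action instead is a custom attribute; the name AuthorizeOrNotAuthorizedAttribute is hypothetical, and the Account/NotAuthorized action is assumed to be the one from the answer above.

```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical attribute name; drop-in replacement for [Authorize] in an MVC 5 project.
public class AuthorizeOrNotAuthorizedAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;

        if (user != null && user.Identity != null && user.Identity.IsAuthenticated)
        {
            // Signed in, but the role requirement failed: logging in again cannot help,
            // so go to the Not Authorized page instead of bouncing back to the login form.
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(new
                {
                    controller = "Account",
                    action = "NotAuthorized"
                }));
        }
        else
        {
            // Anonymous request: keep the default behaviour (401, which the cookie
            // middleware turns into a redirect to the login page with a return URL).
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// The role requirement stays on the controller; this attribute is what enforces access.
// The check inside the Login action only decides where a user lands after signing in.
[AuthorizeOrNotAuthorized(Roles = "admin")]
public class AdminController : Controller
{
    // GET: Admin
    public ActionResult Index()
    {
        return View();
    }
}
```

With this in place, the NotAuthorized action must remain reachable by signed-in non-admin users, which the [AllowAnonymous] attribute in the answer already allows.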