Geek Answers Handbook

Workarounds Authentication is automatically redirected to login, how?

I am writing an application using asp.net-mvc for deployment in iis6. I use authentication. Usually, when a user tries to access a resource without proper authorization, I want them to be redirected to the login page. FormsAuth makes this easy enough for me.

Problem: I now have an action available by the console application. What is the fastest way for this action to respond w / status 401 rather than redirecting the request to the login page?

I want the console application to be able to respond to this 401 StatusCode, and not transparently. I would also like to keep the default, redirect unauthorized requests to the behavior of the login page.

Note. As a test, I added this to my global.asax and did not bypass the auth form:

protected void Application_AuthenticateRequest(object sender, EventArgs e) { HttpContext.Current.SkipAuthorization = true; }

@ Dale and Andy

I use the AuthorizeAttributeFilter provided in the preview of MVC 4. This returns an HttpUnauthorizedResult. This result sets statusCode correctly to 401. The problem, as I understand it, is that asp.net intercepts the response (starting from 401) and redirects to the login page, rather than just skipping it. I want to get around this interception for specific URLs.

+6
asp.net-mvc forms-authentication
source share
5 answers

Ok, I worked on that. I created a custom ActionResult (HttpForbiddenResult) and a custom ActionFilter (NoFallBackAuthorize).

To avoid redirection, HttpForbiddenResult marks responses with a status code of 403. FormsAuthentication does not catch responses with this code, so forwarding a username is actually skipped. The NoFallBackAuthorize filter checks if the user is allowed, how the filter is enabled. It differs in that it returns HttpForbiddenResult when access is denied.

HttpForbiddenResult is pretty trivial:

  public class HttpForbiddenResult: ActionResult
 {
     public override void ExecuteResult (ControllerContext context)
     {
         if (context == null)
         {
             throw new ArgumentNullException ("context");
         }
         context.HttpContext.Response.StatusCode = 0x193;  // 403
     }
 }

Cannot skip redirecting login page in FormsAuthenticationModule.

+5
source share

Maybe kludge (and may not even work), but on your login page, see if Request.QueryString["ReturnUrl"] != null and if so, Response.StatusCode = 401 .

Remember that you still need your console application to authenticate in some way. You do not get free basic HTTP authorization: you have to roll your own, but there are many implementations.

+1
source share

Have you written your own FormsAuth attribute for the action? If so, in the OnActionExecuting method, you pass FilterExecutingContext. You can use this to pass code 401.

 public class FormsAuth : ActionFilterAttribute { public override void OnActionExecuting(FilterExecutingContext filterContext) { filterContext.HttpContext.Response.StatusCode = 401; filterContext.Cancel = true; } }

That should work. I'm not sure if you wrote the FormsAuth attribute or if you got it from somewhere else.

0
source share

I have not yet used the AuthorizeAttribute attribute, which is part of Preview 4. I rolled back because I have used the MVC structure since the first CTP. I quickly looked at the attribute in the reflector, and it does what I mentioned above, except that they use the hexadecimal equivalent of 401. I will need to look further on the call to see where the exception is caught, because more than likely exactly where they do the redirection. This is the functionality that you will need to override. I'm not sure you can do it yet, but I will send it back when I find it, and give you a job if Haacked does not see it and publish it myself.

0
source share

I did some search queries, and here is what I came up with:

 HttpContext.Current.Response.StatusCode = 401;

Not sure if it works or not, I have not tested it. Anyway, it's worth a try, right? :)

-one
source share

More articles:


All Articles