Where should I put a check that can redirect a request?

I need to redirect users to the "Change Password" page if their password has expired.

I want to place this code in one place so that any request can be redirected to the password change page.

I reviewed the AuthorizeAttribute extension and the OnActionExecuting override, but they don't work / don't let me short-circuit the routing logic to redirect to the password change page.

For a little explanation, the logic will be:

Unauthorized request:
-> any URL → AuthorizeAttribute → Login.aspx → password expiration → ChangePassword.aspx

Authorized request:
-> any URL → ??????? → ChangePassword.aspx

It's that ??????? part that I'm not sure what to do about.


I think I'm going to expand the AuthorizeAttribute extension. I will use this everywhere except the password change controller methods.

+6
redirect authorization asp.net-mvc routes
2 answers
    using System.Security.Principal;
    using System.Web.Mvc;

    public class DenyExpiredPasswordAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            IPrincipal user = filterContext.HttpContext.User;
            if (user != null)
            {
                if (user.Identity.IsAuthenticated)
                {
                    if (CurrentUser.PasswordExpired) // your checking of password expiration
                    {
                        filterContext.HttpContext.Response.Redirect("~/Account/ChangePassword?reason=expired");
                    }
                }
            }
            base.OnAuthorization(filterContext);
        }
    }

This works fine; just mark each controller with this attribute, excluding "Account". Therefore, a user with an outdated attribute cannot continue until the password is changed.

+6
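
A global-filter variant of the attribute approach above, as an added example that is not part of either answer: the expiry check is registered once for every controller and only actions carrying a marker attribute are exempt, so a controller added later cannot be left uncovered by omission. `AllowExpiredPasswordAttribute`, `IPasswordExpiryCheck`, `RequireFreshPasswordFilter` and `FilterConfig.Register` are hypothetical names; the Account/ChangePassword target is taken from the answer's redirect URL.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical marker: actions that must stay reachable with an expired password.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class AllowExpiredPasswordAttribute : Attribute { }

// Hypothetical abstraction over the application's own expiry lookup.
public interface IPasswordExpiryCheck { bool IsExpired(string userName); }

public sealed class RequireFreshPasswordFilter : IAuthorizationFilter
{
    private readonly IPasswordExpiryCheck _expiry;
    public RequireFreshPasswordFilter(IPasswordExpiryCheck expiry) { _expiry = expiry; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // Child actions cannot redirect; the parent request was already checked.
        if (filterContext.IsChildAction) return;

        var user = filterContext.HttpContext.User;
        // Anonymous requests are left to [Authorize] and the login page.
        if (user == null || !user.Identity.IsAuthenticated) return;

        var action = filterContext.ActionDescriptor;
        bool exempt = action.IsDefined(typeof(AllowExpiredPasswordAttribute), true)
            || action.ControllerDescriptor.IsDefined(typeof(AllowExpiredPasswordAttribute), true);
        if (exempt || !_expiry.IsExpired(user.Identity.Name)) return;

        // Setting Result stops the pipeline here, so the requested action never runs.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Account" },
            { "action", "ChangePassword" },
            { "reason", "expired" }
        });
    }
}

public static class FilterConfig
{
    // Call once from Application_Start, passing GlobalFilters.Filters.
    public static void Register(GlobalFilterCollection filters, IPasswordExpiryCheck check)
    {
        filters.Add(new RequireFreshPasswordFilter(check));
    }
}
```

Mark the ChangePassword GET and POST actions and the log-off action with `[AllowExpiredPassword]`; every other action is covered by default.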

You can see how to add an event handler for the PostAuthenticateRequest event in global.asax.

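    using System;
    using System.Web;

    public class Global : HttpApplication
    {
        // Init runs for every pooled HttpApplication instance; Application_Start
        // runs only once, so a handler attached there is not wired on the other instances.
        public override void Init()
        {
            base.Init();
            this.PostAuthenticateRequest += new EventHandler(Global_PostAuthenticateRequest);
        }

        void Global_PostAuthenticateRequest(object sender, EventArgs e)
        {
            if (passwordExpired) // placeholder for your own expiry check
            {
                Context.Response.Redirect("~/ChangePassword.aspx");
            }
        }
    }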
+1