How does RedirectToRouteResult work?

I am currently using RedirectToRouteResult as follows:

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        User user = filterContext.HttpContext.Session["user"] as User;
        if (user == null || user.Role != expectedRole)
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    {"controller", _controller},
                    {"action", _action}
                });
        }
    }

This code is in my CheckLoginAttribute class.

I intend to use it as a decorator for certain controller actions, for example:

    [CheckLogin(RolesEnum.Member, "MyController", "MyAction")]
    public JsonResult GetNews()

So basically, I try to shorten the GetNews() call and skip the action if the user is not logged in. If the user has not logged in, I want him to be redirected to another action.

Will RedirectToRouteResult redirect to the corresponding action on the server side without having to make a large round trip through the client side (for example, rewriting the window location URL or something like that)? Is that how it works?

+6
asp.net-mvc-2
3 answers

Well, I figured it out myself.

So basically, this was not the "redirect" I needed. I was looking in the wrong place to solve my problem. I knew that redirection means that I would have to make some client/server trips just to return a JSON result, and I didn't like that.

It took me a while to realize that I can pass any type of result to filterContext.Result.

It's my fault. I did not ask the right question because I did not quite understand the problem I was facing. After a lot of research, it comes down to being really stupid.

Final decision:

    using System.Web.Mvc;

    public class CheckLoginAttribute : AuthorizeAttribute, IAuthorizationFilter
    {
        private RolesEnum expectedRole;

        public CheckLoginAttribute(RolesEnum role)
        {
            expectedRole = role;
        }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            User user = filterContext.HttpContext.Session["user"] as User;
            if (user == null || user.Role != expectedRole)
            {
                // Short-circuit the action with a JSON result instead of a redirect.
                filterContext.Result = new JsonResult()
                {
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet,
                    Data = new LoginMessage() { IsValidLogin = false }
                };
            }
        }
    }

And now I can decorate my actions with this:

    [CheckLogin(RolesEnum.Admin)]

A bit more code to avoid ASP.NET session stealing, and I am done.

Hope this helps someone out there. Thanks.

+4

No. RedirectXXXResult always returns HTTP 302. This is not the equivalent of Server.Transfer().

+1

Your solution is not reliable and complicates the client code, not to mention the overhead of maintaining this code for all different types of clients.

By returning JSON, the response status code will be 200. This means that you need to add security logic for each of your clients in order to interpret each response to detect unauthorized access. Use the Authorize filter.

http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute(v=vs.118).aspx

Note:

"If an unauthorized user tries to access the method marked with the Authorize attribute, the MVC returns an HTTP status code 401. If the site is configured to use ASP.NET forms authentication, the status code 401 calls the browser to redirect the user to the login page."

0
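
One way to follow the last answer's advice while keeping the session-based role check from the question, as an added example that is not part of any post on this page. It assumes the question's own `User` and `RolesEnum` types and .NET 4.5 or later; the class name `RoleAuthorizeAttribute` is hypothetical.

```csharp
using System.Web;
using System.Web.Mvc;

// Added example. Assumed: User, RolesEnum and the "user" session key
// are the ones shown in the question.
public class RoleAuthorizeAttribute : AuthorizeAttribute
{
    private readonly RolesEnum _expectedRole;

    public RoleAuthorizeAttribute(RolesEnum role)
    {
        _expectedRole = role;
    }

    // The base OnAuthorization calls this, and also re-runs it from an
    // output-cache validation callback, so a cached response is not
    // replayed to a caller who fails the check. Overriding
    // OnAuthorization directly skips that cache handling.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext.Session == null) return false; // no session state: deny
        User user = httpContext.Session["user"] as User;
        return user != null && user.Role == _expectedRole;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // Page requests: plain 401, which forms authentication
            // turns into a redirect to the login page.
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // AJAX callers get a real 401 with a small JSON body.
        HttpResponseBase response = filterContext.HttpContext.Response;
        response.StatusCode = 401;
        // Assumption: .NET 4.5 or later. Without this flag forms
        // authentication rewrites the 401 into a 302 to the login page.
        response.SuppressFormsAuthenticationRedirect = true;
        filterContext.Result = new JsonResult
        {
            JsonRequestBehavior = JsonRequestBehavior.AllowGet,
            Data = new { IsValidLogin = false }
        };
    }
}
```

Clients can then branch on the 401 status alone instead of parsing every 200 response for a login flag.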