我正在为我的网站编写登录功能。当用户请求受我的[CustomAuthorize]
属性限制的视图时,用户会被正确地重定向到/Login/Index
附加了查询字符串 ( ?ReturnUrl=%2fRestricted%2fView
) 的视图。
但问题来了……
当用户尝试登录时,出现验证错误。发布请求导致回发(duh),并且附加的查询字符串从 Url 中消失。
- 回发后如何保留查询字符串?
CustomAuthorize.cs:
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext.User.Identity.IsAuthenticated)
{
var customIdentity = (CustomIdentity)httpContext.User.Identity;
var customPrincipal = new CustomPrincipal(customIdentity);
if (customIdentity.IsAdmin)
{
httpContext.User = customPrincipal;
Thread.CurrentPrincipal = customPrincipal;
}
}
return base.AuthorizeCore(httpContext);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
var urlRequested = filterContext.HttpContext.Request.Path;
//urlRequested contains "/Restricted/View"
//Do something with 'urlRequested' here, or?
base.HandleUnauthorizedRequest(filterContext);
}
}
登录/索引视图:
<body>
@using (Html.BeginForm("Index", "Login"))
{
<div>
@Html.LabelFor(model => model.UserName)
</div>
<div>
@Html.EditorFor(model => model.UserName)
@Html.ValidationMessageFor(model => model.UserName)
</div>
<div>
@Html.LabelFor(model => model.Password)
</div>
<div>
@Html.EditorFor(model => model.Password)
@Html.ValidationMessageFor(model => model.Password)
</div>
<div>
@Html.LabelFor(model => model.RememberMe)
</div>
<div>
@Html.EditorFor(model => model.RememberMe)
@Html.ValidationMessageFor(model => model.RememberMe)
</div>
<p>
<input type="submit" value="Login!" />
</p>
@Html.ValidationSummary(true)
}
</body>
登录/索引控制器操作:
[HttpPost]
public ActionResult Index(LoginModelBinding login, string returnUrl)
{
if (ModelState.IsValid)
{
if (Service.CheckUser(login.UserName, login.Password))
{
String loginError;
CustomAuthorization.Login(login.UserName, login.Password, out loginError);
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
return RedirectToAction("Index", "MitTeam");
}
ModelState.AddModelError("", "The entered user name or password is incorrect");
}
return View(login);
}
解决方案: 根据 Naveen 的回答,我修改了如下代码:
public static void SaveReturnUrl(this Controller controller, string returnUrl, bool showAfterRedirect = true)
{
if (showAfterRedirect)
{
controller.TempData["returnUrl"] = returnUrl;
}
else
{
controller.ViewData["returnUrl"] = returnUrl;
}
}
public static string RetrieveReturnUrl(this Controller controller)
{
var message = controller.ViewData.ContainsKey("returnUrl") ? controller.ViewData["returnUrl"] : controller.TempData.ContainsKey("returnUrl") ? controller.TempData["returnUrl"] : null;
return message as string;
}
使用这两种扩展方法,我可以在我的登录控制器方法/操作中保存和检索 returnurl。
登录发帖方式:
var previousReturnUrl = this.RetrieveReturnUrl();
if(!ModelState.IsValid)
{
if(string.IsNullOrEmpty(previousReturnUrl))
{
this.SaveReturnUrl(returnUrl);
}
return View(login);
}
如果模型状态有效,我只需调用this.RetrieveReturnUrl
并解码它,这样我就可以在成功登录的情况下重定向用户。