0

我有一个与动作重定向有关的小问题。我想阻止用户使用 BaseController 类中的 OnActionExecuting 的覆盖来访问有关站点中特定区域的信息,该类是我所有控制器的基类。方法体:

protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (Request.IsAuthenticated && (User as Eagle.Security.EaglePrincipal != null) && Session != null && Session["LastKnownGoodArea"] != null && filterContext.ActionDescriptor.ActionName != "InvalidPermission")
        {
            var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            if (currentArea != Session["LastKnownGoodArea"].ToString())
                RedirectToActionPermanent("InvalidPermission", "Account", new { target = 0, redirectURL = null as string });
            else
                base.OnActionExecuting(filterContext);
        }

    }

但是,这不会重定向到指定的操作。我究竟做错了什么?如果有的话,你们会建议什么其他方法?

谢谢,西尔维

4

4 回答 4

1

戴夫的评论是对的!此外,这应该是您正在寻找的语法:-

 protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (Request.IsAuthenticated && (User as Eagle.Security.EaglePrincipal != null) && Session != null && Session["LastKnownGoodArea"] != null && filterContext.ActionDescriptor.ActionName != "InvalidPermission")
            {
                var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
                if (currentArea != Session["LastKnownGoodArea"].ToString())
                {
                filterContext.Result = new RedirectToRouteResult(new
                    RouteValueDictionary(new
                    {
                        controller = "InvalidPermission",
                        action = "Account",
                        target = 0,                                         
                    }));
                filterContext.Result.ExecuteResult(filterContext);
                }       
                else
                {
                    base.OnActionExecuting(filterContext);
                }
            }

        }
于 2013-02-11T13:58:04.173 回答
1

我想阻止用户使用 BaseController 类中的 OnActionExecuting 的覆盖来访问有关站点中特定区域的信息,该类是我所有控制器的基类。

您为什么选择为此使用 OnActionExecuting?您正在对每个请求执行此 if 语句,我建议将该Authorize属性用于特定操作:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = User as Eagle.Security.EaglePrincipal;

        if(httpContext.User.Identity.IsAuthenticated && user != null)
        {
            var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            var lastKnownArea = Session["LastKnownGoodArea"];

            if (lastKnowArea == null)
               return false;

            return currentArea.Equals(lastKnownArea.ToString());
        }

        return base.AuthorizeCore(httpContext);            
    }
}

在您的web.config中,您可以配置重定向,例如:

 <customErrors mode="RemoteOnly">
  <error statusCode="403" redirect="/InvalidPermission/Account" />
 </customErrors>

如果您想控制 UnAuthorized 请求,您始终可以选择覆盖该HandleUnauthorizedRequest方法

于 2013-02-11T14:21:37.090 回答
1

这是最终的解决方案:

var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            if (currentArea != Session["LastKnownGoodArea"].ToString())
            {
                filterContext.Result = new RedirectToRouteResult(new
                    RouteValueDictionary(new
                    {
                        controller = "Account",
                        action = "InvalidPermission",
                        area = "",
                        target = 0,
                        redirectURL = ""
                    }));
            }
            else
            {
                base.OnActionExecuting(filterContext);
            }

谢谢两位的意见,帮了大忙!干杯!

于 2013-02-11T14:22:45.363 回答
0

您无法从过滤器重定向到操作,因为它尚未创建操作结果。您只能创建一条新路线。我不完全确定您需要的语法。我把这个放在一起作为一个例子。

protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (Request.IsAuthenticated && (User as Eagle.Security.EaglePrincipal != null) && Session != null && Session["LastKnownGoodArea"] != null && filterContext.ActionDescriptor.ActionName != "InvalidPermission")
        {
            var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            if (currentArea != Session["LastKnownGoodArea"].ToString())
            filterContext.Result = new RedirectToRouteResult(
    new System.Web.Routing.RouteValueDictionary {
        {"controller", "InvalidPermission"}, {"action", "Account"}, {target =0}, {redirectURL = null as string }

            else
                base.OnActionExecuting(filterContext);
        }

    }
于 2013-02-11T13:34:52.743 回答