asp.net-mvc - MVC 3重定向不起作用

Question

我有一个与动作重定向有关的小问题。我想阻止用户使用 BaseController 类中的 OnActionExecuting 的覆盖来访问有关站点中特定区域的信息，该类是我所有控制器的基类。方法体：

protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (Request.IsAuthenticated && (User as Eagle.Security.EaglePrincipal != null) && Session != null && Session["LastKnownGoodArea"] != null && filterContext.ActionDescriptor.ActionName != "InvalidPermission")
        {
            var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            if (currentArea != Session["LastKnownGoodArea"].ToString())
                RedirectToActionPermanent("InvalidPermission", "Account", new { target = 0, redirectURL = null as string });
            else
                base.OnActionExecuting(filterContext);
        }

    }

但是，这不会重定向到指定的操作。我究竟做错了什么？如果有的话，你们会建议什么其他方法？

谢谢，西尔维

Answer 1

戴夫的评论是对的！此外，这应该是您正在寻找的语法：-

 protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (Request.IsAuthenticated && (User as Eagle.Security.EaglePrincipal != null) && Session != null && Session["LastKnownGoodArea"] != null && filterContext.ActionDescriptor.ActionName != "InvalidPermission")
            {
                var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
                if (currentArea != Session["LastKnownGoodArea"].ToString())
                {
                filterContext.Result = new RedirectToRouteResult(new
                    RouteValueDictionary(new
                    {
                        controller = "InvalidPermission",
                        action = "Account",
                        target = 0,                                         
                    }));
                filterContext.Result.ExecuteResult(filterContext);
                }       
                else
                {
                    base.OnActionExecuting(filterContext);
                }
            }

        }

Answer 2

我想阻止用户使用 BaseController 类中的 OnActionExecuting 的覆盖来访问有关站点中特定区域的信息，该类是我所有控制器的基类。

您为什么选择为此使用 OnActionExecuting？您正在对每个请求执行此 if 语句，我建议将该Authorize属性用于特定操作：

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = User as Eagle.Security.EaglePrincipal;

        if(httpContext.User.Identity.IsAuthenticated && user != null)
        {
            var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            var lastKnownArea = Session["LastKnownGoodArea"];

            if (lastKnowArea == null)
               return false;

            return currentArea.Equals(lastKnownArea.ToString());
        }

        return base.AuthorizeCore(httpContext);            
    }
}

在您的web.config中，您可以配置重定向，例如：

 <customErrors mode="RemoteOnly">
  <error statusCode="403" redirect="/InvalidPermission/Account" />
 </customErrors>

如果您想控制 UnAuthorized 请求，您始终可以选择覆盖该HandleUnauthorizedRequest方法

Answer 3

这是最终的解决方案：

var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            if (currentArea != Session["LastKnownGoodArea"].ToString())
            {
                filterContext.Result = new RedirectToRouteResult(new
                    RouteValueDictionary(new
                    {
                        controller = "Account",
                        action = "InvalidPermission",
                        area = "",
                        target = 0,
                        redirectURL = ""
                    }));
            }
            else
            {
                base.OnActionExecuting(filterContext);
            }

谢谢两位的意见，帮了大忙！干杯!

Answer 4

您无法从过滤器重定向到操作，因为它尚未创建操作结果。您只能创建一条新路线。我不完全确定您需要的语法。我把这个放在一起作为一个例子。

protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (Request.IsAuthenticated && (User as Eagle.Security.EaglePrincipal != null) && Session != null && Session["LastKnownGoodArea"] != null && filterContext.ActionDescriptor.ActionName != "InvalidPermission")
        {
            var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            if (currentArea != Session["LastKnownGoodArea"].ToString())
            filterContext.Result = new RedirectToRouteResult(
    new System.Web.Routing.RouteValueDictionary {
        {"controller", "InvalidPermission"}, {"action", "Account"}, {target =0}, {redirectURL = null as string }

            else
                base.OnActionExecuting(filterContext);
        }

    }