Authorize attribute for ajax requests in asp.net MVC 4
I have an action method, and I post to it using ajax, like this:
$.ajax({
    url: "/GetSearchCriteria",
    type: "GET", // this is a must
    cache: false, // this is for IE
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    data: {
        VehicleId : vehicleId
    },
}).done(function (data) {
    debugger;
    $('#myModal').modal('show');
});
I have defined the action method as follows:
[AjaxAuthorize]
[GET("GetSearchCriteria")]
public ActionResult GetSearchCriteria(VehicleSearchModel model)
{
    return Json(model, JsonRequestBehavior.AllowGet);
}
and the method that authorizes ajax requests, as follows:
public class AjaxAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext context)
    {
        if (context.HttpContext.Request.IsAjaxRequest())
        {
            var urlHelper = new UrlHelper(context.RequestContext);
            context.HttpContext.Response.StatusCode = 403;
            context.Result = new JsonResult
            {
                Data = new
                {
                    Error = "NotAuthorized",
                    LogOnUrl = "/Login" //urlHelper.Action("LogOn", "Account")
                },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }
        else
        {
            base.HandleUnauthorizedRequest(context);
        }
    }
}
Then the JavaScript code:
$(function () {
    $(document).ajaxError(function (e, xhr) {
        debugger;
        if (xhr.status == 403) {
            var response = $.parseJSON(xhr.responseText);
            window.location = response.LogOnUrl;
        }
    });
});
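1). I see that most of the time this authorize attribute is not hit.
2). Even when it is hit, the user is redirected to the login page, but no return URL is appended to the URL.
3). Any user can log in (even if he is not authorized to log in; I only want users with the role Customer to log in, and otherwise to redirect them to an unauthorized page).
Please suggest how to do this.

Add AttributeUsage to your class: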
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class,
    AllowMultiple = false, Inherited = true)]
public class AjaxAuthorizeAttribute : AuthorizeAttribute { ... }
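Make sure there is no regular [Authorize] attribute at the controller level, because if there is, your custom [AjaxAuthorize] will not be hit.

When the attribute is not hit, is it an Ajax request or a normal request?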
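
The ajaxError handler from the question, reworked as an added example (not code from the original posts): it appends the current page as a return URL, the gap raised in point 2, and only follows a LogOnUrl that stays on the page's own origin. The ReturnUrl parameter name and the function names are assumptions.

```javascript
// Added example, not code from the original posts.
// Assumption: the login page reads a "ReturnUrl" query parameter; the
// function names here are hypothetical.

// Accept the server-supplied LogOnUrl only if it stays on the page's own
// origin; return a local path with ReturnUrl appended, or null.
function buildLoginRedirect(logOnUrl, currentHref) {
    var current = new URL(currentHref);
    var target;
    try {
        target = new URL(logOnUrl, current.origin);
    } catch (e) {
        return null; // not a usable URL
    }
    if (target.origin !== current.origin) {
        return null; // never follow a cross-origin login URL
    }
    // Pass back path + query only, so ReturnUrl is always a local path.
    target.searchParams.set("ReturnUrl", current.pathname + current.search);
    return target.pathname + target.search;
}

// Map a failed ajax response to a redirect target, or null to do nothing.
function loginRedirectFor(status, responseText, currentHref) {
    if (status !== 403) {
        return null;
    }
    var body;
    try {
        body = JSON.parse(responseText);
    } catch (e) {
        return null; // 403 without the expected JSON body
    }
    if (!body || body.Error !== "NotAuthorized" || typeof body.LogOnUrl !== "string") {
        return null;
    }
    return buildLoginRedirect(body.LogOnUrl, currentHref);
}

// Browser wiring; skipped where jQuery is not loaded (for example under Node).
if (typeof window !== "undefined" && window.jQuery) {
    window.jQuery(document).ajaxError(function (e, xhr) {
        var url = loginRedirectFor(xhr.status, xhr.responseText, window.location.href);
        if (url) {
            window.location.assign(url);
        }
    });
}
```

On the server, the login action should still check the incoming value with Url.IsLocalUrl before redirecting to it.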