Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/asp.net-mvc/16.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Asp.net mvc HandleUnauthorizedRequest进入无限期_Asp.net Mvc_Vb.net - Fatal编程技术网
Fatal编程技术网
  • asp.net-mvc/
  • Asp.net mvc HandleUnauthorizedRequest进入无限期

Asp.net mvc HandleUnauthorizedRequest进入无限期

asp.net-mvc vb.net

Asp.net mvc HandleUnauthorizedRequest进入无限期,asp.net-mvc,vb.net,Asp.net Mvc,Vb.net,我有以下两个动作,它们不断地相互调用,并以无限循环的方式进行。我做错了什么 Public Overrides Sub OnAuthorization(filterContext As System.Web.Mvc.AuthorizationContext) 'This calls the AuthorzeCore function and also makes sure that the browser does not cache this function M

我有以下两个动作,它们不断地相互调用,并以无限循环的方式进行。我做错了什么

Public Overrides Sub OnAuthorization(filterContext As System.Web.Mvc.AuthorizationContext)
        'This calls the AuthorzeCore function and also makes sure that the browser does not cache this function
        MyBase.OnAuthorization(filterContext)
        If Not IsNothing(filterContext.Result) Then
            Return
        End If
        'Gets the calling Controller
        Dim controllerName As String = filterContext.Controller.GetType().Name
        'Gets the calling action
        Dim actionName As String = filterContext.ActionDescriptor.ActionName

        'Checks whether the logged in user has access to the action of the controller
        Dim canAccess As test.Security.Permissions.PermissionTypes
        canAccess = test.ApplicationSecurity.GetSecurityObject().GetAccess(controllerName & "." & actionName)
        If canAccess = Security.Permissions.PermissionTypes.DISABLE Then
            'User has access to the application but not to the action they are trying to access, so throw a Unauthorised exception
            filterContext.HttpContext.Response.StatusCode = 403
            HandleUnauthorizedRequest(filterContext)
        End If

    End Sub

    Protected Overrides Sub HandleUnauthorizedRequest(filterContext As System.Web.Mvc.AuthorizationContext)
        ''To make sure that we throw a not authorised error rather not authenticated message
        'If filterContext.HttpContext.Request.IsAuthenticated Then
        '    'filterContext.Result = New HttpStatusCodeResult(CType(System.Net.HttpStatusCode.Forbidden, Int32))
        '    filterContext.Result = New RedirectToRouteResult(
        'Else
        '    MyBase.HandleUnauthorizedRequest(filterContext)
        'End If
        If (filterContext.HttpContext.Request.IsAjaxRequest()) Then
            Dim urlHelper As UrlHelper = New UrlHelper(filterContext.RequestContext)
            filterContext.Result = New JsonResult With {.Data = New With {.Error = "NotAuthorized", .URL = urlHelper.Action("UnAuthorized", "Error")}, _
                                                        .JsonRequestBehavior = JsonRequestBehavior.AllowGet}
        ElseIf filterContext.HttpContext.Response.StatusCode = 403 Then
            filterContext.Result = New ViewResult With {.ViewName = "UnAuthorized"}
        Else
            filterContext.Result = New ViewResult With {.ViewName = "UnAuthenticated"}

        End If
    End Sub
您不应该从内部
OnAuthorization
调用
HandleUnauthorizedRequest
,当请求无法授权时,会自动调用此方法

从:

在以下情况下,授权被拒绝:

•请求不与任何用户关联

•用户未通过身份验证

•用户已通过身份验证,但不在授权用户组(如定义)中,或者如果用户不在任何 授权角色的名称(如果定义)

如果拒绝授权,则此方法将调用 HandleUnauthorizedRequest(HttpActionContext)来处理 未经授权的请求

如果我从OnAuthorization函数中删除handleunauthorizedrequest调用,那么它只会忽略我已将statuscode设置为403并显示页面。我不确定这是否是一个好的做法,但它是有效的,如果我添加此行,而不是在授权函数filterContext.Result=New ViewResult和{.ViewName=“UnAuthorized”}中将状态代码设置为403,那么建议使用例如
filterContext.Result=New HttpUnauthorizedResult()
。如果我这样做,那么它基本上只是向用户显示用户名和密码弹出框,而不是显示带有我想要的错误消息的特定视图。还有其他方法吗?您可以通过
httpContext
访问控制器,请参见