Fatal编程技术网
  • asp.net-mvc/
  • Asp.net mvc 使用授权筛选器时,页面未重定向到登录页面

Asp.net mvc 使用授权筛选器时,页面未重定向到登录页面

asp.net-mvc

Asp.net mvc 使用授权筛选器时,页面未重定向到登录页面,asp.net-mvc,authorization,Asp.net Mvc,Authorization,我创建了一个AuthorizationFilter,用于在访问操作方法时检查授权。代码如下: public class MyAuthorizeActionFilter : IAuthorizationFilter { private readonly int _userAge; public MyAuthorizeActionFilter(int userAge) { _userAge = userAge; } public void

我创建了一个AuthorizationFilter,用于在访问操作方法时检查授权。代码如下:

public class MyAuthorizeActionFilter : IAuthorizationFilter
{
    private readonly int _userAge;

    public MyAuthorizeActionFilter(int userAge)
    {
        _userAge = userAge;
    }

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        bool isAuthorized = CheckUserPermission(context.HttpContext.User, _userAge);

        if (!isAuthorized)
        {
            context.Result = new UnauthorizedResult();
        }
    }

    private bool CheckUserPermission(ClaimsPrincipal user, int age)
    {
        if (user.Claims == null || !user.Claims.Any()) 
            return false;

        var dob = Convert.ToDateTime(user.FindFirst(ClaimTypes.DateOfBirth).Value);

        var years = DateTime.Today.Year - dob.Year;

        return years >= age;

    }
}

public class MyAuthorizeAttribute : TypeFilterAttribute
{
    public MyAuthorizeAttribute(int age) : base(typeof(MyAuthorizeActionFilter))
    {
        Arguments = new object[] { age };
    }
}
然后我创建了一个Authorize属性,如下所示:

public class MyAuthorizeActionFilter : IAuthorizationFilter
{
    private readonly int _userAge;

    public MyAuthorizeActionFilter(int userAge)
    {
        _userAge = userAge;
    }

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        bool isAuthorized = CheckUserPermission(context.HttpContext.User, _userAge);

        if (!isAuthorized)
        {
            context.Result = new UnauthorizedResult();
        }
    }

    private bool CheckUserPermission(ClaimsPrincipal user, int age)
    {
        if (user.Claims == null || !user.Claims.Any()) 
            return false;

        var dob = Convert.ToDateTime(user.FindFirst(ClaimTypes.DateOfBirth).Value);

        var years = DateTime.Today.Year - dob.Year;

        return years >= age;

    }
}

public class MyAuthorizeAttribute : TypeFilterAttribute
{
    public MyAuthorizeAttribute(int age) : base(typeof(MyAuthorizeActionFilter))
    {
        Arguments = new object[] { age };
    }
}
我在控制器操作方法中使用了上面的authorize属性

[MyAuthorize(21)]
    public IActionResult Index()
    {
        return View();
    }
现在的问题是,当未经授权时,系统不会重定向到登录页面。虽然我将下面的代码放在启动类的ConfigureService方法中

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.Cookie.Name = "_auth";
                options.LoginPath = new PathString("/account/login");
                options.LogoutPath = new PathString("/account/logout");
                options.AccessDeniedPath = new PathString("/account/login");
            });
当页面未经授权时,任何人都可以帮助我重定向到登录页面。

在OnAuthorization中,检查授权后,我们可以使用以下代码重定向到帐户/登录页面

context.Result = new RedirectResult("~/account/login");

它已经包含在我的代码中