Asp.net mvc 使用授权筛选器时,页面未重定向到登录页面
我创建了一个AuthorizationFilter,用于在访问操作方法时检查授权。代码如下:Asp.net mvc 使用授权筛选器时,页面未重定向到登录页面,asp.net-mvc,authorization,Asp.net Mvc,Authorization,我创建了一个AuthorizationFilter,用于在访问操作方法时检查授权。代码如下: public class MyAuthorizeActionFilter : IAuthorizationFilter { private readonly int _userAge; public MyAuthorizeActionFilter(int userAge) { _userAge = userAge; } public void
public class MyAuthorizeActionFilter : IAuthorizationFilter
{
private readonly int _userAge;
public MyAuthorizeActionFilter(int userAge)
{
_userAge = userAge;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
bool isAuthorized = CheckUserPermission(context.HttpContext.User, _userAge);
if (!isAuthorized)
{
context.Result = new UnauthorizedResult();
}
}
private bool CheckUserPermission(ClaimsPrincipal user, int age)
{
if (user.Claims == null || !user.Claims.Any())
return false;
var dob = Convert.ToDateTime(user.FindFirst(ClaimTypes.DateOfBirth).Value);
var years = DateTime.Today.Year - dob.Year;
return years >= age;
}
}
public class MyAuthorizeAttribute : TypeFilterAttribute
{
public MyAuthorizeAttribute(int age) : base(typeof(MyAuthorizeActionFilter))
{
Arguments = new object[] { age };
}
}
然后我创建了一个Authorize属性,如下所示:
public class MyAuthorizeActionFilter : IAuthorizationFilter
{
private readonly int _userAge;
public MyAuthorizeActionFilter(int userAge)
{
_userAge = userAge;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
bool isAuthorized = CheckUserPermission(context.HttpContext.User, _userAge);
if (!isAuthorized)
{
context.Result = new UnauthorizedResult();
}
}
private bool CheckUserPermission(ClaimsPrincipal user, int age)
{
if (user.Claims == null || !user.Claims.Any())
return false;
var dob = Convert.ToDateTime(user.FindFirst(ClaimTypes.DateOfBirth).Value);
var years = DateTime.Today.Year - dob.Year;
return years >= age;
}
}
public class MyAuthorizeAttribute : TypeFilterAttribute
{
public MyAuthorizeAttribute(int age) : base(typeof(MyAuthorizeActionFilter))
{
Arguments = new object[] { age };
}
}
我在控制器操作方法中使用了上面的authorize属性
[MyAuthorize(21)]
public IActionResult Index()
{
return View();
}
现在的问题是,当未经授权时,系统不会重定向到登录页面。虽然我将下面的代码放在启动类的ConfigureService方法中
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.Name = "_auth";
options.LoginPath = new PathString("/account/login");
options.LogoutPath = new PathString("/account/logout");
options.AccessDeniedPath = new PathString("/account/login");
});
当页面未经授权时,任何人都可以帮助我重定向到登录页面。在OnAuthorization中,检查授权后,我们可以使用以下代码重定向到帐户/登录页面
context.Result = new RedirectResult("~/account/login");
或
它已经包含在我的代码中