Javascript 在自定义授权期间强制ajax.fail()以管理登录重定向
在MVC应用程序中,我在控制器中的方法上发布了jQuery ajax帖子:Javascript 在自定义授权期间强制ajax.fail()以管理登录重定向,javascript,jquery,asp.net-mvc,Javascript,Jquery,Asp.net Mvc,在MVC应用程序中,我在控制器中的方法上发布了jQuery ajax帖子: function initFormForInsert(metodoLoadForm, nomeForm, divForm, widthForm, heightForm, metodoInsert) { blockPage(); var request = $.ajax( { type: 'POST', url: getRootURL() +
function initFormForInsert(metodoLoadForm, nomeForm, divForm, widthForm, heightForm, metodoInsert) {
blockPage();
var request = $.ajax(
{
type: 'POST',
url: getRootURL() + metodoLoadForm
});
request.done(function (data) {
//alert(data);
LoadFormForInsert(data, nomeForm, divForm, widthForm, heightForm, metodoInsert);
});
request.fail(function (jqXHR, textStatus) {
unblockPage();
showErrorDialog("Error", textStatus);
});
}
我可以以某种方式强制请求.fail()
吗
当我在控制器中使用全局筛选器对我的所有方法进行授权时(代码如下)
特别是当我收到这个Ajax帖子并且我的会话变量为null时,我想抛出一个异常
protected override bool AuthorizeCore(HttpContextBase httpContext) {
try {
UserToken cUt = httpContext.GetUser();
if (cUt == null) {
//session is null
return false;
}
string request = httpContext.Request.Path;
if (httpContext.Request.Path.LastOrDefault() == '/')
request = httpContext.Request.Path.Remove(httpContext.Request.Path.Length - 1);
if (cUt.DeniedActions.Contains(request.ToUpper())) {
//user is not authorized
return false;
}
return true;
} catch (Exception) {
return false;
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
UserToken cUt = filterContext.HttpContext.GetUser();
if (cUt == null) {
//session is null
if (
//filterContext.HttpContext.Response.StatusCode == 302 &&
filterContext.HttpContext.Request.Headers["X-Requested-With"] == "XMLHttpRequest"
) {
//filterContext.HttpContext.Response.Clear();
filterContext.HttpContext.Response.StatusCode = 401;
} else {
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(
new {
controller = "Login",
action = "Login"
})
);
}
}
我以这种方式修改了JavaScript对话框:
function initFormForInsert(metodoLoadForm, nomeForm, divForm, widthForm, heightForm, metodoInsert) {
blockPage();
var request = $.ajax(
{
type: 'POST',
url: getRootURL() + metodoLoadForm,
statusCode: {
200: function (data) {
//alert(200);
LoadFormForInsert(data, nomeForm, divForm, widthForm, heightForm, metodoInsert);
},
401: function (jqXHR, textStatus, errorThrown) {
//alert(401);
hrefTo("/Login/Login") ;
}
}
});
//request.done(function (data) {
// //alert(data);
// LoadFormForInsert(data, nomeForm, divForm, widthForm, heightForm, metodoInsert);
//});
request.fail(function (jqXHR, textStatus) {
unblockPage();
showErrorDialog("Errore inizializzando la form per inserimento ", textStatus);
});
}
下面的例子是:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
try
{
UserToken cUt = httpContext.GetUser();
if (cUt == null)
//session is null
{
return false;
}
string request = httpContext.Request.Path;
if (httpContext.Request.Path.LastOrDefault() == '/')
request = httpContext.Request.Path.Remove(httpContext.Request.Path.Length - 1);
if (cUt.DeniedActions.Contains(request.ToUpper()))
{
//user is not authorized
return false;
}
return true;
}
catch (Exception)
{
return false;
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
UserToken cUt = filterContext.HttpContext.GetUser();
if (cUt == null)
{
// session is null
if (filterContext.HttpContext.Request.Headers["X-Requested-With"] == "XMLHttpRequest")
{
filterContext.HttpContext.Response.TrySkipIisCustomErrors = true;
filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
filterContext.HttpContext.Response.End();
return;
}
else
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(
new
{
controller = "Login",
action = "Login"
})
);
}
}
}
你觉得可以吗
或者另一种方法,即使速度较慢,也可以在if brench中添加
检查会话变量
blockPage();
if (checkSessionVariable()) {
hrefTo("/Login/Login");
}
else {
var request = $.ajax(
{
type: 'POST',
url: getRootURL() + metodoLoadForm,
});
request.done(function (data) {
//alert(data);
LoadFormForInsert(data, nomeForm, divForm, widthForm, heightForm, metodoInsert);
});
request.fail(function (jqXHR, textStatus) {
unblockPage();
showErrorDialog("Errore inizializzando la form per inserimento ", textStatus);
});
}
其中check session变量是另一个post check session变量
function checkSessionVariable() {
var request = $.ajax(
{
type: 'POST',
url: getRootURL() + "/Login/SessionExpired"
});
request.done(function (data) {
return (data);
});
request.fail(function (jqXHR, textStatus) {
return 0;
});
}
也许这是一个更可靠的解决方案?不建议给出500或403个错误作为解决方法。请记住,这些是状态代码,表示未找到资源的N/w故障 相反,尝试将来自服务器的结果作为正面响应处理,并使用负面场景 这意味着现在需要按如下方式处理数据
request.done(function (data) {
//alert(data);
if(data.positive) {
LoadFormForInsert(data, nomeForm, divForm, widthForm, heightForm, metodoInsert);
}
else if(data.negative){
unblockPage();
showErrorDialog("Error", textStatus);
}
});
例如,您也可以传递cookie(下面的伪代码)
是的,返回一个不是
2xx
的头,例如,500
或403
谢谢Kevin,此时上述代码不起作用,可能是因为缺少头。。javascript始终是request.done。。我试着把头球放进去
request.done(function (data) {
//alert(data);
if(cookie == "positive") {
LoadFormForInsert(data, nomeForm, divForm, widthForm, heightForm, metodoInsert);
}
else if(cookie == "negative"){
unblockPage();
showErrorDialog("Error", textStatus);
}
});