是否可以在自定义AuthorizeAttribute类中使用RedirectToAction()？

Question

使用ASP.Net MVC 2,有没有办法在基于类的类中使用Controller类的RedirectToAction()方法？AuthorizeAttribute

public class CustomAttribute : AuthorizeAttribute {
    protected override bool AuthorizeCore(HttpContextBase context) {
        // Custom authentication goes here
        return false;
    }

    public override void OnAuthorization(AuthorizationContext context) {
        base.OnAuthorization(context);

        // This would be my ideal result
        context.Result = RedirectToAction("Action", "Controller");
    }
}

我正在寻找一种方法,在用户验证失败时将用户重定向到特定的控制器/操作,而不是将其返回到登录页面.是否可以为该控制器/操作生成重定向 URL,然后使用RedirectResult()？我试图避免仅仅对URL进行硬编码的诱惑.

Answer 1

你可以/应该覆盖HandleUnauthorizedRequest而不是OnAuthorization.这是默认实现:

    protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
        // Returns HTTP 401 - see comment in HttpUnauthorizedResult.cs.
        filterContext.Result = new HttpUnauthorizedResult();
    }

你不能使用Controller.RedirectToAction,但你可以返回一个新的RedirectToRouteResult.

所以你可以这样做:

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
        // Returns HTTP 401 - see comment in HttpUnauthorizedResult.cs.
        filterContext.Result = new RedirectToRouteResult(
                                   new RouteValueDictionary 
                                   {
                                       { "action", "ActionName" },
                                       { "controller", "ControllerName" }
                                   });
    }

Answer 2

你可以这样做:

var routeValues = new RouteValueDictionary();
routeValues["controller"] = "ControllerName";
routeValues["action"] = "ActionName";
//Other route values if needed.
context.Result = new RedirectToRouteResult(routeValues);

当您在控制器中调用"RedirectToAction()"时,这是框架执行此操作的方式.