Intercepting request if user is not in role

Question

I have an ASP.NET MVC3 application with a custom membership provider.

I have a loginUrl specified in my web.config as follows:

<forms loginUrl="~/SSO/LogOn" timeout="86400" slidingExpiration="true"/>

I wondered how I can intercept this request when a user hits a page for which they don't have access rights so I can append something to this URL.

you want to intercept the request to the SSO based on the destination url in your site? — YavgenyP, Jun 26 '12 at 15:50

Craig Curtis · Accepted Answer · 2012-06-27T05:33:40.750

1

Assuming you have a Controller called SSO and an action method called LogOn, I think you just need to extend the AuthorizeAttribute:

public class AppendingAuthorizeAttribute : AuthorizeAttribute
{        
    protected override void HandleUnauthorizedRequest(AuthorizationContext context)
    {
        var url = new UrlHelper(context.RequestContext);
        var logonUrl = url.Action("LogOn", "SSO", new {appendedQueryStringParameter = "somevalue"});
        filterContext.Result = new RedirectResult(logonUrl);
    }
}

Just annotate the controllers/action methods that require authorization with this attribute and it should redirect to a url which looks like:

/SSO/LogOn?appendedQueryStringParameter=somevalue

edited Jun 27 '12 at 05:33

answered Jun 27 '12 at 05:28

Craig Curtis

853
10
24

That's really useful, thanks. Is there any way to override the existing Authorize attribute? – Nick Jun 27 '12 at 08:49
Apparently you can override it with the same name and MVC will use it instead of the default one: [http://stackoverflow.com/a/5844884/968301](http://stackoverflow.com/a/5844884/968301) – Craig Curtis Jun 27 '12 at 11:01

Intercepting request if user is not in role

1 Answers1