Return to the controller that generates the call when an unauthorized event is thrown

Question

My goal is to show up a modal dialog on a view when a Unathorized event is thrown. I have override the OnAuthorization method of my custom AuthorizedAttribute like this post:

ASP.NET MVC - How to show unauthorized error on login page?

But the problem is that the TempData is sent to the unauthorized controller (ClientController) and it is not the desired behaviour.

What I need is: call Home/Index/ToClientes and when it tries to get Client/Index show a Modal Dialog on Home/Index to inform the user about the unauthorized event.

[HttpPost]
public ActionResult ToClientes()
{
    return RedirectToAction("Index", "Client");
}

At present the TempData is read inside ClientController I would need to read it on HomeController to show the modal popup view explaining the error.

My Overrride OnAuthorization method is similar to the one on the referenced post

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    private bool _isAuthorized;

    protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
    {
        _isAuthorized = base.AuthorizeCore(httpContext);
        return _isAuthorized;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);

        if(!_isAuthorized)
        {
            filterContext.Controller.TempData.Add("RedirectReason", "Unauthorized");
        }
    }
}

Is there anyway to send the TempData to the controller that called the function but not the one that generates the onAuthorization method? Or Is there any other easier way to show a modal popup when an unauthorized event is raised?

Answer 1

I have found a way to achieve the goal.

I have used Session to store the info about the Unauthorized event in my custom AuthorizeAtributte in HandleUnauthorizedRequest

protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
{
    if (filterContext.HttpContext.Request.IsAuthenticated)
    {


        filterContext.HttpContext.Session["OpenAuthorizationPopup"] =  "true";

        filterContext.Result = new RedirectResult(filterContext.Controller.TempData["urlOrigen"].ToString());

    }
    else
    {
        base.HandleUnauthorizedRequest(filterContext);
    }
}

The filterContext.Result is needed in order to avoid that the code inside the unauthorized function is executed.

Then in the shared layout of all the views I have added the JS code

 @if ((Session["OpenAuthorizationPopup"] ?? "false") == "true")
    {
        Session["OpenAuthorizationPopup"] = "false";
        <script type="text/javascript">
            $(document).ready(function () {
                $('#myModal').modal('show');
            });
        </script>
        <div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
            <div class="modal-dialog">
                <div class="modal-content">
                    <div class="modal-header">
                        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
                        <h4 class="modal-title" id="myModalLabel">Modal title</h4>
                    </div>
                    <div class="modal-body">
                        ...
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
                        <button type="button" class="btn btn-primary">Save changes</button>
                    </div>
                </div><!-- /.modal-content -->
            </div><!-- /.modal-dialog -->
        </div><!-- /.modal -->

    }

Now the modal view is only shown when the unauthorized event is raised and it is shown on the page that generate the request.