0

My Question:

  1. When user doesn't have Manager Role and Admin Role, I have to redirect to error page/some popup message. But when I checked if authorize "false" continuously windows security password windows its showing. When I entered user name and password again its showing windows security password.

  2. Every action method I have to check and I need to show the message or error page. how to solve this issues?

Controller Code:

[AuthorizeUser("Manager","Admin")]
public ActionResult Contact()
{
    return View();      
}

C# Code:

public AuthorizeUserAttribute(params int[] roles)
{
    allowedroles = roles;
}

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    bool authorize = false;
    var getList = _objService.GetUserRoleDetail(CommonStaticHelper.getLoggedUser());

    foreach (var role in allowedroles)
    {
        if (getList.Exists(m => m.RoleId == role))
        {
            return authorize = true; /* return true if Entity has current user(active) with specific role */
        }
    }
    return authorize;
}

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    filterContext.Result = new HttpUnauthorizedResult();
}
Balagurunathan Marimuthu
  • 2,927
  • 4
  • 31
  • 44
SENA
  • 119
  • 1
  • 2
  • 16

2 Answers2

2

/// Try this : 

///Create an action :

         public ActionResult Unauthorized()
                {
                    return View();
                }    
//// now write below code for authorization        


  protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
                {

                    if (filterContext.HttpContext.Request.IsAuthenticated)
                    {
                        //redirect to the Unauthenticated page
                        filterContext.Result = new RedirectToRouteResult(new 
 RouteValueDictionary(new { controller = "Error", action = "Unauthorized" 
 }));
                    }
                    else
                    {
                        base.HandleUnauthorizedRequest(filterContext);
                    }
                }



                protected override bool AuthorizeCore(HttpContextBase httpContext)
                {
                    var authorized = base.AuthorizeCore(httpContext);


                    if (!authorized)
                    {
                        // The user is not authenticated
                        return false;
                    }
                   else{
       var getList = 
         _objService.GetUserRoleDetail(CommonStaticHelper.getLoggedUser());

            foreach (var role in allowedroles)
            {
                if (getList.Exists(m => m.RoleId == role))
                {
                    return authorize = true; /* return true if Entity has current 
                   user(active) with specific role */
                }
            }

                return authorize = false;

                }
Praveen Maurya
  • 296
  • 1
  • 6
0

create your own Filter something like 

  public class AuthorityAttribute : AuthorizeAttribute
    {
        private readonly string[] allowedroles;
        public AuthorityAttribute(params string[] roles)
        {
            this.allowedroles = roles;
        }
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            foreach (var role in allowedroles)
            {
                if (PortalWebSessionManager.ActivePortalSettings.ActiveRoles != null)
                {
                    foreach (IDynamics.IDynamicsPortal.DataComponent.Roles currentRole in PortalWebSessionManager.ActivePortalSettings.ActiveRoles)
                    {
                        if (currentRole.RoleName == role)
                        {
                            return true;
                        }
                    }
                }
            }
            return false;
        }
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.Result = new HttpUnauthorizedResult();
        }
    }

and call that filter

RAHUL S R
  • 1,569
  • 1
  • 11
  • 20