In my application I have several areas (views) which should be accessible only to those users who have certain privileges. If the currently logged-in user does not have the right to see a given view, a popup window should appear. At this moment the user can give some additional information in order to see the view. The point is that the user can't leave the current view until he/she provides this information. So far I think I could do it this way. First of all I defined a custom AuthorizeAttribute. This attribute is applied to the controller which is responsible for protecting restricted views. My attribute looks like this:

    public class PopupAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // Only a ViewData flag is set here; filterContext.Result is never
            // assigned, so the action still executes and its view is rendered.
            if (filterContext.HttpContext.Session["confirmed"] == null)
            {
                filterContext.Controller.ViewData["ShowPopup"] = true;
            }
            else
            {
                filterContext.Controller.ViewData["ShowPopup"] = false;
            }
        }
    }

Next I modified _Layout.cshtml to look this way:

    ...
    ...
    <body>
        <div id="main">
            @* The flag is set by PopupAuthorizeAttribute; the key must be a quoted string. *@
            @{
                if (ViewData["ShowPopup"] != null && (bool)ViewData["ShowPopup"])
                {
                    <script type="text/javascript">
                        showPopUp();
                    </script>
                }
            }
            <div id="header">
                title
            </div>
            <div id="menu">
                @{
                    Html.RenderAction("TopMenu", "Menu");
                }
            </div>
            <div id="treeView">
                @{
                    Html.RenderAction("TreeMenu", "Tree");
                }
            </div>
            <div id="content">
                @RenderBody()
            </div>
        </div>
    </body>
    ...
    ...

Unfortunately the result was different than I expected. Now the view which is supposed to be inaccessible to the user is rendered and the popup is shown. I tried to redirect the current view to the previous one in my custom attribute, doing something like this:

    public class PopupAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext.HttpContext.Session["confirmed"] == null)
            {
                // ViewData lives for one request only, so this flag does not
                // reach the page the browser is redirected to.
                filterContext.Controller.ViewData["ShowPopup"] = true;
                // UrlReferrer is null when the request carries no Referer header.
                filterContext.Result =
                    new RedirectResult(filterContext.RequestContext.HttpContext.Request.UrlReferrer.ToString());
            }
            else
            {
                filterContext.Controller.ViewData["ShowPopup"] = false;
            }
        }
    }

However, if I do that I lose the information stored in ViewData. Is there any elegant or better way to achieve this functionality? Unfortunately I can't redirect the user to a "normal" page; this must be done in a popup window.

Berial

1 Answer

Information stored in ViewData will get lost after you redirect to another action. If you want the information to persist, you can use TempData[] instead.

For a more maintainable solution to your requirements, however, I would go with the role-based authorization scheme. In your case, your controller would check if the user is of the proper role to view certain parts of the page, and store this information in ViewData/ViewBag (via User.IsInRole("Administrator") etc.). Your view will construct itself based on the information inside the ViewData/ViewBag.

To set this up is quite a bit of work, you will have to do some googling to find the proper tutorials.

Here is one I found that seems good: http://weblogs.asp.net/scottgu/archive/2006/07/23/Recipe_3A00_-Implementing-Role-Based-Security-with-ASP.NET-using-Windows-Authentication-and-SQL-Server.aspx

In a nutshell your web.config file will need to have something similar to what's below when you are done:

    <roleManager enabled="true" defaultProvider="YourRoleProvider">
        <providers>
            <clear />
            <add name="YourRoleProvider"
                 applicationName="YourApplicationName"
                 type="YourProject.Models.YourRoleProvider"
                 connectionStringName="YourDatabaseConnectionString" />
        </providers>
    </roleManager>

Bojin Li

  • Basically, thanks to my attribute I do something like a role provider. The true problem is to figure out how to show the popup window. In a normal role provider I would be redirected to the login page, but I want to show a popup window on the current view – Berial Feb 08 '12 at 21:05
  • Actually the redirect and login authentication is handled by your MembershipProvider. There are a number of ways you can show a "pop up" window on a view; I was more concerned with how to determine if the "pop up" window should be displayed in my answer. One way to show a modal pop up window is to use the jQuery UI library. There is a Dialog control in it; I have used it before and it is quite nice. – Bojin Li Feb 08 '12 at 21:16
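
The first attribute in the question replaces `OnAuthorization` and never assigns `filterContext.Result`, so the protected action still runs and its view is rendered behind the popup. The following is an added example, not code from the question or the answer: it keeps the decision in `AuthorizeCore` and returns a content-free view instead of redirecting, so `ViewData["ShowPopup"]` survives. The view name `ConfirmRequired` is a hypothetical placeholder for a view in `Views/Shared`; the 403 for AJAX callers is an assumption.

```csharp
using System.Web;
using System.Web.Mvc;

// Added example: deny by default, then show the popup on a page that
// contains no protected content.
public class PopupAuthorizeAttribute : AuthorizeAttribute
{
    // The access decision lives here. The base OnAuthorization is left intact:
    // it calls AuthorizeCore and also keeps output caching from serving a
    // cached protected page to a user who has not confirmed.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // base.AuthorizeCore checks authentication plus any Users/Roles set
        // on the attribute; "confirmed" is the session key from the question.
        return base.AuthorizeCore(httpContext)
            && httpContext.Session != null
            && httpContext.Session["confirmed"] != null;
    }

    // Runs only when AuthorizeCore returned false. Assigning Result
    // short-circuits the request, so the protected action never executes.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var http = filterContext.HttpContext;

        // Not logged in at all: keep the default 401 / login handling.
        if (!http.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // AJAX callers get a status code instead of HTML they cannot use.
        if (http.Request.IsAjaxRequest())
        {
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }

        // No redirect, so ViewData survives and the layout calls showPopUp().
        // "ConfirmRequired" is a hypothetical, content-free view in Views/Shared.
        var viewData = filterContext.Controller.ViewData;
        viewData["ShowPopup"] = true;
        filterContext.Result = new ViewResult
        {
            ViewName = "ConfirmRequired",
            ViewData = viewData
        };
    }
}
```

`ShowPopup` is only UI state for the layout; the server-side check in `AuthorizeCore` is what actually withholds the protected view.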