ASP.Net MVC redirect from a partial view in a controller to a full view of a different controller

Problem description:

Ok. So I have an issue where I need to do some authorization checks inside the controller action.

There are authorization roles, but it can exist that someone has TypeOnePayment, but not TypeTwo

// Roles is a comma-separated list; a user in either role passes this attribute.
[Authorize(Roles = "TypeOnePayment,TypeTwoPayment")]
public ActionResult EnterRevenue(PaymentType payment)
{
    payment = "TypeOne"; // This exists for show only.
    var permission = string.Concat(payment,"Permission");
    if (!SecurityUtility.HasPermission(permission))
    {
        return View("Unauthorized", "Error");
    }
    return this.PartialView("_EnterRevenue");
}

But since this is returning the partial view, the "Error" screen only appears in the partial view portion of the page. Is there a way to redirect to an entirely new page?

EnterRevenue is being retrieved through an ajax call. So just the html is being returned and it's being placed in the view it was called from.

You can redirect to some other action:

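public ActionResult EnterRevenue(PaymentType payment)
{
    var permission = string.Concat(payment, "Permission");
    if (!SecurityUtility.HasPermission(permission))
    {
        // Not permitted: send the caller to ErrorController.NotAuthorized.
        return RedirectToAction("NotAuthorized", "Error");
    }
    return this.PartialView("_EnterRevenue");
}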

Assume we have an ErrorController with an action NotAuthorized that returns a normal View, which displays that you are not authorized to view this page.

If you need this check on every action, then you need to implement a custom action filter attribute in which you will have to check whether it is a normal request and redirect, or else return the status as JSON and redirect from the client side. See "asp.net mvc check if user is authorized before accessing page".

Here is a chunk of code:

using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class AuthorizationAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Check the context before dereferencing it, and fail closed if it is missing.
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        string actionName = filterContext.ActionDescriptor.ActionName;
        string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;

        HttpSessionStateBase session = filterContext.HttpContext.Session;
        var userSession = session["userId"];

        // No user in the session, or the session was only just created: treat as logged out.
        if (userSession == null || session.IsNewSession)
        {
            session.RemoveAll();
            session.Clear();
            session.Abandon();
            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                // Ajax caller: return a status the client script can act on.
                filterContext.HttpContext.Response.StatusCode = 403;
                filterContext.Result = new JsonResult
                {
                    Data = "LogOut",
                    // Without AllowGet, JsonResult throws on ajax GET requests.
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
            }
            else
            {
                filterContext.Result = new RedirectResult("~/Home/Index");
            }
        }
        // CheckAccessRight is this answer's own helper; its body is not shown here.
        else if (!CheckAccessRight(actionName, controllerName))
        {
            // Encode the return path so it cannot add query parameters of its own.
            string returnUrl = HttpUtility.UrlEncode(filterContext.HttpContext.Request.Url.PathAndQuery);
            // Setting Result short-circuits the action; Response.Redirect(..., true)
            // would abort the thread from inside the filter instead.
            filterContext.Result = new RedirectResult(FormsAuthentication.LoginUrl + "?returnUrl=" + returnUrl);
        }
        else
        {
            base.OnActionExecuting(filterContext);
        }
    }
}

And use it on an action like this:

[Authorization]
public ActionResult EnterRevenue()
{
    return this.PartialView("_EnterRevenue");
}
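
The answer's filter returns 403 with the JSON string "LogOut" to ajax callers and leaves the redirect to the client. The script below is an added example of that client side, not code from the answer. The page URLs (`/Home/Index`, `/Error/NotAuthorized`) are assumed from the answer's code, and `decideOutcome`, `sameOriginPath` and `loadPartial` are hypothetical names.

```javascript
// Added example. Page URLs are assumptions drawn from the answer's code.
const LOGIN_PAGE = "/Home/Index";            // filter's RedirectResult("~/Home/Index")
const DENIED_PAGE = "/Error/NotAuthorized";  // ErrorController.NotAuthorized

// Return path+query if url is on our own origin, otherwise null.
function sameOriginPath(url, origin) {
  try {
    const u = new URL(url, origin);
    return u.origin === origin ? u.pathname + u.search : null;
  } catch (e) {
    return null;
  }
}

// Decide what to do with an ajax response: render the partial, or navigate
// the whole window. Targets come from constants or a same-origin check, never
// straight from the response body, so a response cannot become an open redirect.
function decideOutcome(res, origin) {
  const type = (res.contentType || "").toLowerCase();
  if (res.status === 403) {
    let signal = null;
    if (type.includes("application/json")) {
      try { signal = JSON.parse(res.body); } catch (e) { signal = null; }
    }
    return { action: "navigate", url: signal === "LogOut" ? LOGIN_PAGE : DENIED_PAGE };
  }
  // fetch follows a 302 silently, so the "partial" is really a full page.
  if (res.redirected) {
    return { action: "navigate", url: sameOriginPath(res.finalUrl, origin) || DENIED_PAGE };
  }
  if (res.status === 200 && type.includes("text/html")) {
    return { action: "render", html: res.body };
  }
  return { action: "error", status: res.status };
}

// Browser wiring (hypothetical helper): fetch the partial and act on the decision.
async function loadPartial(url, target) {
  const r = await fetch(url, {
    credentials: "same-origin",
    headers: { "X-Requested-With": "XMLHttpRequest" }, // makes IsAjaxRequest() true
  });
  const res = { status: r.status, redirected: r.redirected, finalUrl: r.url,
                contentType: r.headers.get("content-type"), body: await r.text() };
  const outcome = decideOutcome(res, window.location.origin);
  if (outcome.action === "navigate") window.location.assign(outcome.url);
  else if (outcome.action === "render") target.innerHTML = outcome.html;
  return outcome;
}
```

The server-side check remains the authority. This script only decides where the browser goes once the server has refused.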