ASP.NET MVC – How to show unauthorized error on login page?

by

UPDATE (Jun 2015): @daniel-lidström has correctly pointed out that you should not use Response.Redirect in an ASP.NET MVC application. For more information about why, please see this link: Response.Redirect and ASP.NET MVC – Do Not Mix.

UPDATE (Sep 2014): I’m not sure when HandleUnauthorizedRequest was added to the AuthorizeAttribute, but either way I’ve been able to refine the AuthorizeRedirect code into something smaller and simpler.

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthorizeRedirect : AuthorizeAttribute
{
    public string RedirectUrl = "~/Error/Unauthorized";

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);

        if (filterContext.RequestContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new RedirectResult(RedirectUrl);
        }
    }
}

Original Answer Below (still fully functional)

I’ve left this answer here as it still gives you an insight as to how the Authorization pipeline works.

For anyone still landing here, I’ve edited Ben Scheirman’s answer to automatically redirect to an unauthorized page when the user is logged in but not authorized. You can change the redirect path using the name parameter RedirectUrl.

EDIT: I’ve made the solution thread-safe thanks to the advice of Tarynn and MSDN

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthorizeRedirect : AuthorizeAttribute
{
    private const string IS_AUTHORIZED = "isAuthorized";

    public string RedirectUrl = "~/error/unauthorized";

    protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
    {
        bool isAuthorized = base.AuthorizeCore(httpContext);

        httpContext.Items.Add(IS_AUTHORIZED, isAuthorized);

        return isAuthorized;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);

        var isAuthorized = filterContext.HttpContext.Items[IS_AUTHORIZED] != null 
            ? Convert.ToBoolean(filterContext.HttpContext.Items[IS_AUTHORIZED]) 
            : false;

        if (!isAuthorized && filterContext.RequestContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.RequestContext.HttpContext.Response.Redirect(RedirectUrl);
        }
    }
}

More Related Contents:

  1. Could not find a part of the path … bin\roslyn\csc.exe
  2. ASP.NET MVC Global Variables
  3. Passing data to Master Page in ASP.NET MVC
  4. Visual Studio – Resx File default ‘internal’ to ‘public’
  5. ASP.NET MVC Razor render without encoding
  6. MEF with MVC 4 or 5 – Pluggable Architecture (2014)
  7. The model item passed into the dictionary is of type ‘mvc.Models.ModelA’ but this dictionary requires a model item of type ‘mvc.Models.ModelB‘
  8. Can I use ASP.NET MVC together with regular ASP.NET Web forms
  9. System.web.mvc missing
  10. How to write code that runs once
  11. How do I get the contents of a JSON file I added in the StartUp method to use it in one of my actions?
  12. How to Convert JSON object to Custom C# object?
  13. HTML.ActionLink method
  14. Fire and forget async method in asp.net mvc
  15. Object cannot be cast from DBNull to other types
  16. How do I log a user out when they close their browser or tab in ASP.NET MVC?
  17. Asmx web service how to return JSON and not XML?
  18. How to omit methods from Swagger documentation on WebAPI using Swashbuckle
  19. HttpClient single instance with different authentication headers
  20. MemoryStream – Cannot access a closed Stream
  21. Why is Asp.Net Identity IdentityDbContext a Black-Box?
  22. How can I secure passwords stored inside web.config?
  23. Asp.Net MVC3: Set custom IServiceProvider in ValidationContext so validators can resolve services
  24. How to add Web API to an existing ASP.NET MVC (5) Web Application project?
  25. Could not load file or assembly ‘System.Net.Http.Formatting’ or one of its dependencies. The system cannot find the path specified
  26. C# Clear Session
  27. Uploading image in ASP.NET MVC
  28. Why does ServerVariable[“REMOTE_ADDR”] returns the server IP?
  29. Limit only one session per user in ASP.NET
  30. Web Service without adding a reference?

Leave a Comment