我正在使用ASP.NET Core 3.1和context.Resource作为AuthorizationFilterContext,不能用于访问routeValues或queryString。我必须使用IHttpContextAccessor来获取routeValues [“ id”],但是IHttpContextAccessor没有Result属性来设置RedirectToPage(“ / View”,new {id =“ ....”})
public class NoEditOrDeleteSuperUserHandler : AuthorizationHandler<ManageSuperAdminRequirement>
{
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly UserManager<ApplicationUser> _userManager;
public NoEditOrDeleteSuperUserHandler(IHttpContextAccessor httpContextAccessor, UserManager<ApplicationUser> userManager)
{
this._httpContextAccessor = httpContextAccessor;
this._userManager = userManager;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ManageSuperAdminRequirement requirement)
{
var userId = _httpContextAccessor.HttpContext.Request.RouteValues["id"].ToString();
var selectedUser = _userManager.FindByIdAsync(userId).GetAwaiter().GetResult();
if (_userManager.IsInRoleAsync(selectedUser,"SuperAdmin").GetAwaiter().GetResult() == false)
{
context.Succeed(requirement);
return Task.CompletedTask;
}
context.Fail();
var Response = _httpContextAccessor.HttpContext.Response;
var message= Encoding.UTF8.GetBytes("User with Super Admin role cannot be edited");
**// return RedirectToPage("/View", new {id = id});**
Response.OnStarting(async () =>
{
_httpContextAccessor.HttpContext.Response.StatusCode = 429;
await Response.Body.WriteAsync(message, 0, message.Length);
});
return Task.CompletedTask;
}
}
我正在使用自定义策略授权,当授权失败时,我想将用户重定向到returnUrl而不是“拒绝访问”页面
我发现我自己的上述问题的解决方案,该问题涉及自定义授权检查失败后如何将用户重定向到引用页面。
如果有更好的方法,请指导我。
1-我从HandleRequirementAsync
中删除了以下代码,并使其重定向到AccessDenied Page。
var Response = _httpContextAccessor.HttpContext.Response;
var message= Encoding.UTF8.GetBytes("User with Super Admin role cannot be edited");
**// return RedirectToPage("/View", new {id = id});**
Response.OnStarting(async () =>
{
_httpContextAccessor.HttpContext.Response.StatusCode = 429;
await Response.Body.WriteAsync(message, 0, message.Length);
});
2-在AccessDeniedModel类中,我添加了以下代码:
[TempData]
public string Message { get; set; }
public void OnGet()
{
Message = "Access Denied: You do not have access to this resource.";
HttpContext.Response.Redirect(HttpContext.Request.Headers["Referer"]);
}
4-在/User/Roles/View.cshtml.cs中,我定义了模型公共属性
[TempData]
public string Message { get; set; }
3-在/User/Roles/View.cshtml中,我添加了<p>@Model.Message</p>
以向用户显示消息。