ASP.NET Core 3.1: how to redirect from HandleRequirementAsync

Problem description  Votes: 0  Answers: 1

I am using ASP.NET Core 3.1, and context.Resource as AuthorizationFilterContext cannot be used to access routeValues or the queryString. I have to use IHttpContextAccessor to get routeValues["id"], but IHttpContextAccessor has no Result property to set RedirectToPage("/View", new { id = "...." }).

    using System.Text;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Identity;

    public class NoEditOrDeleteSuperUserHandler : AuthorizationHandler<ManageSuperAdminRequirement>
    {
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly UserManager<ApplicationUser> _userManager;

        public NoEditOrDeleteSuperUserHandler(IHttpContextAccessor httpContextAccessor, UserManager<ApplicationUser> userManager)
        {
            this._httpContextAccessor = httpContextAccessor;
            this._userManager = userManager;
        }

        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ManageSuperAdminRequirement requirement)
        {
            // The id of the user being edited comes from the route, not from the signed-in principal.
            var userId = _httpContextAccessor.HttpContext.Request.RouteValues["id"].ToString();

            // Await the Identity calls instead of blocking on GetAwaiter().GetResult().
            var selectedUser = await _userManager.FindByIdAsync(userId);

            // Only users without the SuperAdmin role may be edited or deleted.
            if (await _userManager.IsInRoleAsync(selectedUser, "SuperAdmin") == false)
            {
                context.Succeed(requirement);
                return;
            }

            context.Fail();
            var Response = _httpContextAccessor.HttpContext.Response;
            var message = Encoding.UTF8.GetBytes("User with Super Admin role cannot be edited");

            // return RedirectToPage("/View", new {id = id});

            Response.OnStarting(async () =>
            {
                _httpContextAccessor.HttpContext.Response.StatusCode = 429;
                await Response.Body.WriteAsync(message, 0, message.Length);
            });
        }
    }

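I am using custom policy authorization, and when authorization fails I want to redirect the user to the returnUrl instead of the "Access Denied" page.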

asp.net-core-3.1
1 Answer
0
votes

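I found a solution myself to the above problem of how to redirect the user to the referring page after a custom authorization check fails.

If there is a better way, please guide me.

1- I removed the following code from HandleRequirementAsync and let it redirect to the AccessDenied page.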

    var Response = _httpContextAccessor.HttpContext.Response;
    var message= Encoding.UTF8.GetBytes("User with Super Admin role cannot be edited");


    // return RedirectToPage("/View", new {id = id});

    Response.OnStarting(async () =>
    {
        _httpContextAccessor.HttpContext.Response.StatusCode = 429;
        await Response.Body.WriteAsync(message, 0, message.Length);
    });

2- In the AccessDeniedModel class, I added the following code:

    [TempData]
    public string Message { get; set; }

    public void OnGet()
    {
        Message = "Access Denied: You do not have access to this resource.";
        HttpContext.Response.Redirect(HttpContext.Request.Headers["Referer"]);
    }

4- In /User/Roles/View.cshtml.cs, I defined the model's public property

    [TempData]
    public string Message { get; set; }

3- In /User/Roles/View.cshtml, I added <p>@Model.Message</p> to show the message to the user.
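
A hardened variant of the AccessDeniedModel from step 2, added here as an example and not part of the original answer: the Referer header is client-supplied, so it is accepted as a redirect target only when it matches the current request's scheme, host and port, with a fixed fallback otherwise. The "/Index" fallback page and the helper name TryGetLocalReferer are assumptions.

```csharp
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

public class AccessDeniedModel : PageModel
{
    // Assumption: a fixed local page to fall back to; not from the original post.
    private const string FallbackPage = "/Index";

    [TempData]
    public string Message { get; set; }

    public IActionResult OnGet()
    {
        Message = "Access Denied: You do not have access to this resource.";

        // Referer is sent by the client: it may be missing, malformed,
        // or name another site, so it is never used as a redirect target as-is.
        string referer = Request.Headers["Referer"].ToString();

        return TryGetLocalReferer(referer, out string localUrl)
            ? (IActionResult)LocalRedirect(localUrl)
            : RedirectToPage(FallbackPage);
    }

    // Hypothetical helper: accepts the Referer only when it has the same
    // scheme, host and port as the current request, and returns path + query.
    private bool TryGetLocalReferer(string referer, out string localUrl)
    {
        localUrl = null;
        if (!Uri.TryCreate(referer, UriKind.Absolute, out Uri uri))
            return false;

        int requestPort = Request.Host.Port ?? (Request.IsHttps ? 443 : 80);
        bool sameOrigin =
            string.Equals(uri.Scheme, Request.Scheme, StringComparison.OrdinalIgnoreCase) &&
            string.Equals(uri.Host, Request.Host.Host, StringComparison.OrdinalIgnoreCase) &&
            uri.Port == requestPort;

        // Do not bounce back to this page itself (redirect loop).
        bool isSelf = string.Equals(uri.AbsolutePath, Request.Path.Value,
                                    StringComparison.OrdinalIgnoreCase);

        if (!sameOrigin || isSelf || !Url.IsLocalUrl(uri.PathAndQuery))
            return false;

        localUrl = uri.PathAndQuery;
        return true;
    }
}
```

Behind a reverse proxy, Request.Scheme and Request.Host reflect the browser's view of the site only when forwarded headers are configured.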
