为了在项目中进行授权,我创建了 PermissionCkeckerAttribute 类,该类是 AuthorizeAttribute 类和 IAuthorizationFilter 接口的扩展
在 AuthorizeAttribute 的实现方法中,我注入我的服务,并使用 if 语句检查用户是否已通过身份验证,如果用户已验证但没有权限,则 RedirectResult() 方法将重定向到 NotFound 页面,因此这里它可以正常工作,但是在 else 语句中,当用户未进行身份验证且未登录时,我想重定向到 NotFound 页面,但 RedirectResult() 不起作用并自动重定向到登录页面,如何修复它,我应该使用其他方法吗?
这是我的代码
public class PermissionCheckerAttribute : AuthorizeAttribute, IAuthorizationFilter
{
private IUserServices _userServices;
private int _permissionId = 0;
public PermissionCheckerAttribute(int permissionId)
{
_permissionId = permissionId;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
_userServices = (IUserServices)context.HttpContext.RequestServices.GetService(typeof(IUserServices));
if (context.HttpContext.User.Identity.IsAuthenticated)
{
var phoneNumber = context.HttpContext.User.Identity.Name;
if (!_userServices.CheckPermission(_permissionId, phoneNumber))
{
context.Result = new RedirectResult("/NotFound");
}
}
else
{
//here automatically redirect to login page but I want to redirect to NotFound page
context.Result = new RedirectResult("/NotFound");
}
}
}
尝试重定向到未找到页面,但 PermissionChecker 自动重定向到登录页面
您面临的默认行为问题,要覆盖您可以尝试使用以下代码:
public void OnAuthorization(AuthorizationFilterContext context)
{
_userServices = (IUserServices)context.HttpContext.RequestServices.GetService(typeof(IUserServices));
if (context.HttpContext.User.Identity.IsAuthenticated)
{
var phoneNumber = context.HttpContext.User.Identity.Name;
if (!_userServices.CheckPermission(_permissionId, phoneNumber))
{
context.Result = new RedirectResult("/NotFound");
}
}
else
{
context.HttpContext.Response.StatusCode = 404;
context.Result = new StatusCodeResult(404);
}
}