The best and safest thing for you to do would be to subclass AuthorizeAttribute and override only the HandleUnauthorizedRequest method. Then you could attribute your methods like so:
Don't override any other method as the default logic should suffice in your case. (The default logic handles things like the IsInRole() check, suppressing output caching, etc.) Then from the HandleUnauthorizedAttribute method, set filterContext.Result
= new RedirectResult("url_to_redirect_to").
levib
Star
7702 Points
1099 Posts
Microsoft
Re: Bit lost on first custom Authorization Attribute
Mar 02, 2010 04:30 PM|LINK
The best and safest thing for you to do would be to subclass AuthorizeAttribute and override only the HandleUnauthorizedRequest method. Then you could attribute your methods like so:
[MyCustomAuthorization(Roles = "some_role[, some_other_role[, ...]]")]
Don't override any other method as the default logic should suffice in your case. (The default logic handles things like the IsInRole() check, suppressing output caching, etc.) Then from the HandleUnauthorizedAttribute method, set filterContext.Result = new RedirectResult("url_to_redirect_to").
Good luck. :)