Mason240
RedirectToAction
Dec 26, 2012 02:37 PM
I have a class that will verify an already logged-in user has access to a webpage (e.g., they are at Panel/Admin/333 and go to Panel/Admin/555.) If the check fails, I want to send them back to the log in page. I thought RedirectToAction would be an obvious choice, but it does not work. In this case, the "Panel/Admin/555" page will still load, just with no model.
Just to be clear, this is in a separate class from the controller (as it will be used by multiple controllers) called Validate (and Validate does extend the controller class.)
How would I send the user back to Account/Login from the Validate class?
BrockAllen
Re: RedirectToAction
Dec 26, 2012 03:19 PM
How are you implementing the authorization? The typical approach with MVC is to use the [Authorize] attribute on the controller or action.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Mason240
Re: RedirectToAction
Dec 26, 2012 03:26 PM
I am using the standard MembershipProvider to authenticate users, and a custom RoleProvider for roles.
Only users with the correct role are able to access the controller:
    [Authorize(Roles = "Panel")]
    public class PanelController : Controller
    {
    }

However, not every user should have access to every panel. Some might have access to 100, some to only 1. Before any user tries to access pages for an individual panel, I want to make a quick check to ensure they are allowed to.
Basically, I want to make sure that a user can't just change the URL and get any panel they want.
BrockAllen
Re: RedirectToAction
Dec 26, 2012 03:40 PM
Right, so then all users must be in the Panel role? If so, then this works. But then you have further rules that say only certain users should have access to certain ones? So then you need to do additional checks in the action method and return a new HttpUnauthorizedResult() if the user doesn't have access to the current one (or you can show a custom error message).
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Mason240
Re: RedirectToAction
Dec 26, 2012 07:03 PM
Yes, that is what I am trying to accomplish.
The check is done in another class, and I would like to just handle the redirect there. Is there any way to redirect a user to a new action from a different class?
    public class PanelController : Controller
    {
        public ActionResult PanelDetail(string panelId)
        {
            //Call this method at the beginning of every appropriate ActionResult method
            //to ensure that the user has the authorization to access the panel
            Validate.ValidateAccess(userId, panelId);
            //Do stuff
            return View();
        }
    }

    public class Validate : Controller
    {
        public void ValidateAccess(int userId, int panelId)
        {
            //Do validation check
            if (validateCheck == false)
            {
                //send user to a new action
            }
        }
    }

BrockAllen
Re: RedirectToAction
Dec 26, 2012 07:44 PM
I'd keep them separate -- presumably one contains business logic (which is typically UI independent) and the other (the MVC code) has the UI semantics and thus is the one responsible for choosing how to show the user the response.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Mason240
Re: RedirectToAction
Dec 26, 2012 08:22 PM
What do you mean by keep them separate? They are separate now.
Look, all I would like to know is how to send a user to a new action from the Validate class.
I would like to handle it in the Validate class so that if, in the future, we want to change where we send the users, I don't have to go through every ActionResult method in every control and make the change.
BrockAllen
Re: RedirectToAction
Dec 26, 2012 08:27 PM
Look, you return RedirectToAction("OtherAction", "OtherController") from your action method.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
bruce (sqlwo...
Re: RedirectToAction
Dec 26, 2012 08:57 PM
You should be using an authorization filter for this. As a filter, your code gets access to all the proper context information, and the filter was designed for your case.
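
An added example (not part of any post in this thread) of the authorization filter approach suggested above: an AuthorizeAttribute subclass that performs the per-panel check before the action runs and chooses the redirect target in one place. The IPanelAccessStore interface, the PanelAccessAttribute name, and the "panelId" route value name are assumptions made for illustration.

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical lookup of which panels a user may open (not from the thread).
public interface IPanelAccessStore
{
    bool UserCanAccessPanel(string userName, int panelId);
}

// Usage: put [PanelAccess] on PanelController (or on single actions) in place of
// [Authorize(Roles = "Panel")] and the per-action Validate.ValidateAccess call.
public class PanelAccessAttribute : AuthorizeAttribute
{
    // Assumption: set once at application start to the real implementation.
    public static IPanelAccessStore Store { get; set; }

    public PanelAccessAttribute()
    {
        Roles = "Panel"; // keep the existing role gate
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Authentication and role membership are checked by the base class.
        if (!base.AuthorizeCore(httpContext)) return false;

        // Assumption: the panel id arrives as route value or query string "panelId".
        var routeData = httpContext.Request.RequestContext.RouteData;
        object raw = routeData.Values["panelId"]
                     ?? httpContext.Request.QueryString["panelId"];

        int panelId;
        if (raw == null || !int.TryParse(raw.ToString(), out panelId))
            return false; // fail closed on a missing or malformed id

        // Per-user, per-panel check: editing the URL to another id is rejected here.
        return Store != null
            && Store.UserCanAccessPanel(httpContext.User.Identity.Name, panelId);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // The one place that decides where rejected requests are sent.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(
            new { controller = "Account", action = "Login" }));
    }
}
```

Because the filter sets filterContext.Result before the action method is invoked, the action never runs for a rejected request, which a void helper called from inside the action cannot achieve.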
Mason240
Re: RedirectToAction
Dec 27, 2012 12:53 PM
I already am using roles and filtering, as I stated above.