Last post Jan 23, 2018 09:28 AM by PatriceSc
Jan 23, 2018 07:38 AM|slkim
[Authorize(Roles = "Manager")]
public ActionResult Management()
When you are not logged in, you can fully understand it.
However, when I log in with the role of admin, I also go to the login page.
I can not understand this. Why?
When a user with a different role logs in and accesses it, is it not normal to show a message saying they do not have "access"?
Jan 23, 2018 08:42 AM|PatriceSc
It seems the simplest default option (it allows possibly logging in with another account and avoids showing a default message which would always need to be reworked anyway).
If you want to implement this alternate behavior, a common option is to inherit from this attribute and create your own. If I had to do that I would perhaps check for a possible 401.x status code and would see if a custom error page would be shown.
Keep in mind that it should be rare, as it means that you are showing a user something he is not allowed (any more?) to do...
Jan 23, 2018 08:49 AM|slkim
I do not understand you.
When the user has already logged in, they will be sent to the screen to log in again, not the Manager.
Is there a way to solve this?
Jan 23, 2018 09:28 AM|PatriceSc
Ah, you do show users this link even if they are not allowed to use it?
AFAIK the standard approach would be to skip showing this link if the user is not in the "Manager" role, rather than to show something and, when it is clicked, tell the user he is not allowed to use what you showed him anyway.
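
The two suggestions in this thread (inheriting from the attribute, and hiding the link), sketched as an added example that is not code from either poster. It assumes ASP.NET MVC 5 (System.Web.Mvc); the names ForbiddenAwareAuthorizeAttribute, HomeController and the "AccessDenied" view are hypothetical.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical attribute name; assumes ASP.NET MVC 5 (System.Web.Mvc).
public class ForbiddenAwareAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;

        // Anonymous caller: keep the default 401, which the authentication
        // module turns into the redirect to the login page.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // Authenticated but not in the required role: answer 403 instead of 401,
        // so no login redirect is triggered.
        var response = filterContext.HttpContext.Response;
        response.StatusCode = (int)HttpStatusCode.Forbidden;
        response.TrySkipIisCustomErrors = true; // keep IIS from replacing the body

        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // Script callers get the bare status code.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        }
        else
        {
            // "AccessDenied" is a hypothetical view, e.g. under Views/Shared.
            filterContext.Result = new ViewResult { ViewName = "AccessDenied" };
        }
    }
}

public class HomeController : Controller // hypothetical controller name
{
    [ForbiddenAwareAuthorize(Roles = "Manager")]
    public ActionResult Management()
    {
        return View();
    }
}

// In the Razor view, render the link only for users in the role:
//   @if (User.IsInRole("Manager")) { @Html.ActionLink("Management", "Management", "Home") }
```

Hiding the link only changes what the page displays; the attribute on the action is what enforces the role check, so it stays in place when the link is hidden.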