Reputation: 628
I have a small problem related to action redirecting. I want to prevent users from being able to access information concerning a specific area in the site using an override of the OnActionExecuting in my BaseController class, which is the base class for all my controllers. Method body:
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (Request.IsAuthenticated && (User as Eagle.Security.EaglePrincipal != null) && Session != null
            && Session["LastKnownGoodArea"] != null && filterContext.ActionDescriptor.ActionName != "InvalidPermission")
        {
            var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            if (currentArea != Session["LastKnownGoodArea"].ToString())
                RedirectToActionPermanent("InvalidPermission", "Account", new { target = 0, redirectURL = null as string });
            else
                base.OnActionExecuting(filterContext);
        }
    }
However, this does not redirect to the specified action. What am I doing wrong? What other approach, if any, would you guys suggest?
Thanks, Silviu
Upvotes: 0
Views: 1185
Reputation: 628
Here is the final solution:
    var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
    if (currentArea != Session["LastKnownGoodArea"].ToString())
    {
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
        {
            controller = "Account",
            action = "InvalidPermission",
            area = "",
            target = 0,
            redirectURL = ""
        }));
    }
    else
    {
        base.OnActionExecuting(filterContext);
    }
Thank you both for your input, you helped a lot! Cheers!
Upvotes: 1
Reputation: 5430
I want to prevent users from being able to access information concerning a specific area in the site using an override of the OnActionExecuting in my BaseController class, which is the base class for all my controllers.
Why did you choose to use OnActionExecuting for this? You're executing this if-statement on every request. I would recommend using the Authorize attribute for the specific actions:
    using System.Web;
    using System.Web.Mvc;

    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // An attribute has no User or Session members; read both from httpContext.
            var user = httpContext.User as Eagle.Security.EaglePrincipal;
            if (httpContext.User.Identity.IsAuthenticated && user != null)
            {
                // Assumes EaglePrincipal exposes CurrentCenter (the question reads it via Principal).
                var currentArea = user.CurrentCenter.CODEFORM_CSE;
                var lastKnownArea = httpContext.Session["LastKnownGoodArea"];
                if (lastKnownArea == null)
                    return false;
                return currentArea.Equals(lastKnownArea.ToString());
            }
            return base.AuthorizeCore(httpContext);
        }
    }
In your web.config you can configure redirects like:

    <customErrors mode="RemoteOnly">
        <error statusCode="403" redirect="/InvalidPermission/Account" />
    </customErrors>

If you want control over the UnAuthorized request you can always choose to override the HandleUnauthorizedRequest method.
Upvotes: 1
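The HandleUnauthorizedRequest override mentioned in the answer above, as an added example that is not part of the original thread. AreaAuthorizeAttribute is a hypothetical name, EaglePrincipal is the asker's type and is assumed to expose CurrentCenter.CODEFORM_CSE as a string, and unlike the answer's version this one fails closed when the principal type or the session value is missing.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Added example. AreaAuthorizeAttribute is a hypothetical name; EaglePrincipal is the
// asker's type and is assumed to expose CurrentCenter.CODEFORM_CSE as a string.
public class AreaAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Run the standard authentication/Users/Roles checks first.
        if (!base.AuthorizeCore(httpContext))
            return false;

        var user = httpContext.User as Eagle.Security.EaglePrincipal;
        var session = httpContext.Session;
        var lastKnownArea = session == null ? null : session["LastKnownGoodArea"];

        // Fail closed: a missing principal type or session value means no access.
        if (user == null || lastKnownArea == null)
            return false;

        return string.Equals(user.CurrentCenter.CODEFORM_CSE,
                             lastKnownArea.ToString(), StringComparison.Ordinal);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Anonymous callers keep the default 401 so forms authentication can send them to login.
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // Authenticated but in the wrong area: short-circuit with a redirect.
        // Assigning Result is enough; MVC executes it and skips the action.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Account" },
            { "action", "InvalidPermission" },
            { "area", "" },
            { "target", 0 },
            { "redirectURL", "" }
        });
    }
}
```

The InvalidPermission action must not carry this attribute, otherwise the redirect target fails the same check and loops; the question's filter avoids this by skipping that action name.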
Reputation: 9804
What Dave commented is right! In addition, this should be the syntax you are looking for:
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (Request.IsAuthenticated && (User as Eagle.Security.EaglePrincipal != null) && Session != null
            && Session["LastKnownGoodArea"] != null && filterContext.ActionDescriptor.ActionName != "InvalidPermission")
        {
            var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            if (currentArea != Session["LastKnownGoodArea"].ToString())
            {
                // Account is the controller and InvalidPermission the action,
                // as in the question's RedirectToActionPermanent call.
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
                {
                    controller = "Account",
                    action = "InvalidPermission",
                    target = 0,
                }));
                // No explicit ExecuteResult call: once Result is set, MVC skips
                // the action and executes the result itself.
            }
            else
            {
                base.OnActionExecuting(filterContext);
            }
        }
    }
Upvotes: 1
Reputation: 32490
You can't redirect to Action from a filter because it is not creating an Action Result yet. You can only create a new route. I'm not completely sure of the syntax you need. I threw this together as an example of a way to go.
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (Request.IsAuthenticated && (User as Eagle.Security.EaglePrincipal != null) && Session != null
            && Session["LastKnownGoodArea"] != null && filterContext.ActionDescriptor.ActionName != "InvalidPermission")
        {
            var currentArea = Principal.CurrentCenter.CODEFORM_CSE;
            if (currentArea != Session["LastKnownGoodArea"].ToString())
            {
                // Account is the controller and InvalidPermission the action, as in the question.
                filterContext.Result = new RedirectToRouteResult(
                    new System.Web.Routing.RouteValueDictionary
                    {
                        { "controller", "Account" }, { "action", "InvalidPermission" },
                        { "target", 0 }, { "redirectURL", null }
                    });
            }
            else
            {
                base.OnActionExecuting(filterContext);
            }
        }
    }
Upvotes: 0