Valentin V

Reputation: 25759

Custom Authorize attribute not working on expired ajax requests

I have a custom authorize attribute on my controllers and it is not being called on expired ajax requests. I'm using forms authentication, and call controller methods via $.ajax (jQuery). The ajax request returns my login page and I don't seem to be able to intercept this.

Thank you.

UPDATE: I figured out why: I commented out the authorization section in my web.config as follows:

    <authentication mode="Forms">
      <forms loginUrl="/Login" timeout="1" slidingExpiration="false"/>
    </authentication>
    <!--<authorization>
      <deny users="?"/>
    </authorization>-->

Now my authorization filter is being called even after expiration. Turns out that Web.config authorization rules take precedence over Authorize filters.

Upvotes: 2

Views: 1671

Answers (3)

Amit M

Reputation: 1

Use context.HttpContext.Request.IsAjaxRequest() to detect if the request is an Ajax request or not. Check more here:

Authorize attribute and jquery AJAX in asp.net MVC

Upvotes: 0

Craig Stuntz

Reputation: 126547

Don't return 401 unauthorized. ASP.NET intercepts that and redirects to the login page defined in web.config. For AJAX, instead return something else, like 403.

Upvotes: 4
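
The two answers above combined into one filter, as an added example that is not code from the question or from either answer: an `AuthorizeAttribute` subclass that returns 403 to AJAX callers and leaves the normal 401-to-login redirect in place for page loads. The names `AjaxAwareAuthorizeAttribute` and `OrdersController` are hypothetical, and the code assumes ASP.NET MVC 3 or later with forms authentication.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical attribute name; added example, not the asker's code.
public class AjaxAwareAuthorizeAttribute : AuthorizeAttribute
{
    // Called by AuthorizeAttribute when the authorization check fails,
    // including when the forms-auth ticket has expired.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;

        // IsAjaxRequest() looks at the X-Requested-With header that jQuery sets.
        // The header is client-controlled, but here it only selects the shape of
        // the denial response; the request is refused on either branch.
        if (request.IsAjaxRequest())
        {
            // 403 is not rewritten by forms authentication, so the script
            // receives the status code instead of the login page HTML.
            filterContext.Result = new HttpStatusCodeResult(
                (int)HttpStatusCode.Forbidden,
                "Not authenticated or session expired");
            return;
        }

        // Non-AJAX requests keep the default: 401, which forms authentication
        // turns into a redirect to the loginUrl from web.config.
        base.HandleUnauthorizedRequest(filterContext);
    }
}

// Hypothetical controller showing where the attribute is applied.
[AjaxAwareAuthorize]
public class OrdersController : Controller
{
    public ActionResult List()
    {
        return Json(new { items = new string[0] }, JsonRequestBehavior.AllowGet);
    }
}
```

With the `<deny users="?"/>` rule commented out as in the question's update, only controllers or actions that carry an authorize filter are protected, so the attribute has to be applied to each of them or registered as a global filter.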
