Alex

Reputation: 2959

How to redirect all pages in my mvc asp.net web app except for one role?

I work with the asp.net c# mvc framework. I need a way to 'turn off' my web app for all users except the administrator (i.e. all pages should return something like "The application is closed" for all the roles except Admin).

I have already created a button in order to save the status of the web app (ON/OFF) in a DB.

Do I have to check the status of the application on each page? Is it possible to have a global redirection except for one role?

I don't know how to properly do this global closure. Any suggestions are welcome.

Upvotes: 1

Views: 1456

Answers (4)

Sebastien Kovacs

Reputation: 213

Did you try ActionFilterAttribute?

Here is a basic example:

Your controller:

[IsAdmin]
public class YourController : Controller
{

}

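Your attribute:

using System.Web.Mvc;

public class IsAdminAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Check that your user is not an Admin and that your application is turned off.
        // AppStatus.IsClosed() is a hypothetical helper that reads the ON/OFF flag from the DB;
        // the role name "Admin" is assumed from the question.
        bool isAdmin = filterContext.HttpContext.User.IsInRole("Admin");
        if (AppStatus.IsClosed() && !isAdmin)
        {
            filterContext.Result = new HttpStatusCodeResult(403); // or whatever you want
        }
    }
}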

Add [IsAdmin] on top of all your controllers.

Upvotes: 0

Richard

Reputation: 108975

I can think of three approaches to check and do a redirect:

  1. An HttpModule hooked into the appropriate, post-authorisation event. Presumably PostAuthorizeRequest of HttpApplication.

  2. In your "global" (Global.aspx.cs) subscribe to that same event.

  3. An MVC Action filter, overriding OnActionExecuting. (Ensure you make it global, to avoid needing to apply to every controller: add to GlobalFilters.Filters in your Application_Start.)

Of these, 3 is part of MVC, but is much later in the pipeline (much more work will have been done, to be thrown away when the filter fails).

Use of a module is controlled by configuration, which would make it easier to switch on and off.

Option 2 is likely easiest to implement, but I would tend to prefer the modularity that 1 gives.

Upvotes: 4
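
Approach 3 from the answer above, written out as an added example (it is not code from any of the posters): a globally registered filter that blocks every action while the application is closed, except for administrators and for actions explicitly marked as reachable so an admin can still sign in. `AppStatus`, `AllowWhenClosedAttribute`, `ClosedApplicationFilter` and the role name "Admin" are assumptions made for the illustration.

```csharp
using System;
using System.Web.Mvc;

// Assumption: stand-in for the ON/OFF flag that the question stores in a DB.
public static class AppStatus
{
    public static volatile bool Closed;
}

// Hypothetical marker for the few actions that must stay reachable while
// the application is closed (the login action, so an admin can sign in).
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class AllowWhenClosedAttribute : Attribute { }

public sealed class ClosedApplicationFilter : ActionFilterAttribute
{
    private readonly Func<bool> _isClosed;
    private readonly string _adminRole;

    public ClosedApplicationFilter(Func<bool> isClosed, string adminRole)
    {
        _isClosed = isClosed;
        _adminRole = adminRole;
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (!_isClosed()) return;                       // application is ON

        var user = filterContext.HttpContext.User;      // role is checked server-side on every request
        if (user != null && user.Identity.IsAuthenticated && user.IsInRole(_adminRole)) return;

        var action = filterContext.ActionDescriptor;
        if (action.IsDefined(typeof(AllowWhenClosedAttribute), true) ||
            action.ControllerDescriptor.IsDefined(typeof(AllowWhenClosedAttribute), true)) return;

        // Everyone else is stopped here, before the action body runs.
        filterContext.Result = new HttpStatusCodeResult(503, "The application is closed");
    }
}

public class MvcApplication : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        // Global registration: no per-controller attribute to forget.
        GlobalFilters.Filters.Add(new ClosedApplicationFilter(() => AppStatus.Closed, "Admin"));
    }
}
```

Requests that never reach an MVC action (static files, other handlers) do not pass through this filter; covering those is where the module or Global event approaches differ.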

Kartikeya Khosla

Reputation: 18873

You can accomplish your requirement with the help of custom filters, as shown below:

  using System.Web.Mvc;
  using System.Web.Routing;

  [CheckUserRole]
  public class YourController : Controller
  {
    public ActionResult YourAction()
    {
      return View();
    }
  }

  public class CheckUserRoleAttribute : ActionFilterAttribute
  {
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
      // Get the User Id from the session
      // Get Role associated with the user (probably from database)
      // Get the permission associated with the role (like Read, write etc)

      // If the user is not authenticated, redirect to the access-denied page:
      if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
      {
        filterContext.Result = new RedirectToRouteResult(
          new RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
      }
    }
  }

Upvotes: 1

Earth

Reputation: 3571

You can write the following in all the other controllers that are used:

public class HomeController : Controller
{
    public ActionResult Index()
    {
        if (User.IsInRole("Administrator")) 
           return RedirectToAction("PagetoRedirect");
        else
           return RedirectToAction("CommonPagetoShowApplicationAsClosed");
    }
}

Or

You can create an action filter of your own and look for a named action like IndexRolename.

Upvotes: -1
