CODEWITHSUNDEEP
c#asp.net-web-apiasp.net-web-api-routing
Matthew Campbell
Matthew Campbell

Reputation: 1884

Net Web 4.5.1 routing anything not authenticated

Using Net Web 4.5.1

Started off trying to configure a rule on the default document (i.e. index.html):

 routes.MapPageRoute(
   "Default", 
   "", 
   "~/Statics/anybody.html"
 );

If during debug locally I want (without extensions)

 http://localhost:52065

to go to

 http://localhost:52065/Statics/anybody.html

Down the road I want any request that isn't authorized to be directed to the splash page (i.e. /Statics/anybody.html).

Upvotes: 0

Views: 282

Answers (3)

Venkatesh
Venkatesh

Reputation: 1224

Approach 1:
If you are using forms authentication you may change the url of the element in the web.config which will redirect to the specified page if user is not authorized to access.

      <forms loginUrl="~/Account/Login" defaultUrl="~/Account/Login" slidingExpiration="false" />



Approach 2:
May use the action filters, if the user is not authenticated then redirect to the specified page else allow the current request.

Upvotes: 0

Brian Deragon
Brian Deragon

Reputation: 2957

I'm hesitant to post this, but, this is how you could do it:

public class AuthenticatedConstraint : IRouteConstraint
{
    public bool Match(HttpContextBase httpContext, Route route, string parameterName, RouteValueDictionary values,
        RouteDirection routeDirection)
    {
        return httpContext.Request.IsAuthenticated;
    }
}

Then you could use the following routes:

routes.MapRoute(name: "Default",
    url: "{*url}",
    defaults: "~/Statics/anybody.html", constraints: new AuthenticatedConstraint());
routes.MapRoute(name: "DefaultNotAuthenticated",
    url: "{*url}",
    defaults: "~/Statics/notauth.html");

The first one would match any authenticated request, and return it to the anybody.html document; the second one would match all unauthenticated routes and put them at the notauth.html document. You can tweak your url's any way you need to.

However, I mentioned I was hesitant to post this; while this should and will work for simple requests, the ASP.NET MVC routing engine is very complicated, a lot of things hinge on little things, wildcards, order that stuff is processed, etc. It'd be very easy to "accidentally" make this route not work in your own code.

That being said, routes are not foolproof. There are a few ways to get around the routing engine. Thus, this is not a "secure" solution per se. I would stick with checking auth for every request you need to, whether doing that at a controller, filter, or individual page. This will work as an "additional" security measure, catching things before they get there sometimes, but then if something slips through the cracks, the page is handling security for itself.

Upvotes: 1

user3603255
user3603255

Reputation: 260

Try adding this line in RouteConfig.cs

public static void RegisterRoutes(RouteCollection routes)
{
        routes.IgnoreRoute("");
}

Upvotes: 0

Related Questions