CODEWITHSUNDEEP
asp.net-mvc-5
Monojit Sarkar
Monojit Sarkar

Reputation: 2451

ASP.Net MVC5: How to redirect and show right error message when user does not have a specific role for action

after login user can go to any action but think when action is decorated with authorized attribute and role names are specific there. just refer a sample code.

public class HomeController : Controller
 {
     [Authorize(Roles = "Admin, HrAdmin")]
     public ActionResult PayRoll()
     {
         return View();
     }
 }

suppose user Foo has no role like Admin or HRAdmin then what will happen when user foo will try to access PayRoll action ?

in this kind of situation i want to redirect user to my error page where i will show a friendly message to user. please guide me how to do it ?

do i need to write a custom authorized attribute from there i need to check user has those roles are not and then redirect user from there?

Upvotes: 1

Views: 1089

Answers (1)

Pierre-Loup Pagniez
Pierre-Loup Pagniez

Reputation: 3761

I don't know if that's the best way to do it, but here's how I did it:

using System.Web.Mvc;

namespace YourNamespace
{
    public class AccessDeniedAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);

            // Redirect to the login page if necessary
            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                filterContext.Result = new RedirectResult(System.Web.Security.FormsAuthentication.LoginUrl + "?returnUrl=" + filterContext.HttpContext.Request.Url);
                return;
            }

            // Redirect to your "access denied" view here
            if (filterContext.Result is HttpUnauthorizedResult)
            {
                filterContext.Result = new RedirectResult("~/Account/Denied");
            }
        }
    }
}

Controller: 

public class HomeController : Controller
{
    [AccessDeniedAuthorize(Roles = "Admin, HrAdmin")]
    public ActionResult PayRoll()
    {
        return View();
    }
}

That's all you have to do if your User has its Roles defined correctly. If you are not using ASP.NET Identity to manage your users and roles, you will need some more code to make this work, in that case this might help you: How can I attach a custom membership provider in my ASP.NET MVC application?.

Upvotes: 1

Related Questions