c# - Asp.net web api : redirect unauthorized requst to forbidden page -


im trying redirect unauthorized request forbidden page instead i'm getting forbidden page in response body , how can fix ?

here's startup class :

app.createperowincontext(storecontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create);  app.usecookieauthentication(new cookieauthenticationoptions {      authenticationtype = defaultauthenticationtypes.applicationcookie,      expiretimespan = timespan.fromdays(30), });  app.useexternalsignincookie(defaultauthenticationtypes.externalcookie);  app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5));  app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie);

the method im trying reach :

    [httpget]     [authorize(roles = "admin")]     public string getcurrentusername()     {         return usermanager.findbyemail(user.identity.name).name;     }

i have tried things :

  • remove loginpath cookieoptions return 401
  • create custom authorize attribute

by way im using angular , think issue related ajax call ...

you can extend authorize attribute specify forbidden page. this:

add new class named authorizationattribute inherits authorizeattribute class. , override 2 methods

public class authorizationattribute : authorizeattribute {    protected override bool authorizecore(httpcontextbase httpcontext)    {       //check if user in in role admin , if yes return true, else return false. once returns false, handleunauthorizedrequest triggered automatically       return usermanager.isuserinadminrole(username);    }     protected override void handleunauthorizedrequest(authorizationcontext filtercontext)    {       filtercontext.result = new redirectresult("~/error/forbiddenpage");    } }

and in method, use new authorizationattribute class:

    [httpget]     [authorization] //you can write authorization without word attribute     public string getcurrentusername()     {         return usermanager.findbyemail(user.identity.name).name;     }

if related ajax, find here: github.com/ronnieoverby/mvc-ajax-auth similar problem solution


Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer ...
Read more