如何解决mvc中授权失败的windows安全窗口提示

Posted

技术标签:

【中文标题】如何解决mvc中授权失败的windows安全窗口提示【英文标题】:How to solve windows security window prompt for Authorization failed in mvc 【发布时间】:2017-11-30 11:12:17 【问题描述】:

我的问题:

    当用户没有经理角色和管理员角色时,我必须重定向到错误页面/一些弹出消息。但是当我检查是否连续授权“假”时,windows安全密码窗口会显示出来。当我再次输入用户名和密码时,它会显示 Windows 安全密码。

    我必须检查的每个操作方法,并且我需要显示消息或错误页面。如何解决这个问题?

控制器代码:

[AuthorizeUser("Manager","Admin")]
public ActionResult Contact()

    return View();      

C# 代码:

public AuthorizeUserAttribute(params int[] roles)

    allowedroles = roles;


protected override bool AuthorizeCore(HttpContextBase httpContext)

    bool authorize = false;
    var getList = _objService.GetUserRoleDetail(CommonStaticHelper.getLoggedUser());

    foreach (var role in allowedroles)
    
        if (getList.Exists(m => m.RoleId == role))
        
            return authorize = true; /* return true if Entity has current user(active) with specific role */
        
    
    return authorize;


protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)

    filterContext.Result = new HttpUnauthorizedResult();

【问题讨论】:

【参考方案1】:

/// 试试这个:

///Create an action :

         public ActionResult Unauthorized()
                
                    return View();
                    
//// now write below code for authorization        


  protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
                

                    if (filterContext.HttpContext.Request.IsAuthenticated)
                    
                        //redirect to the Unauthenticated page
                        filterContext.Result = new RedirectToRouteResult(new 
 RouteValueDictionary(new  controller = "Error", action = "Unauthorized" 
 ));
                    
                    else
                    
                        base.HandleUnauthorizedRequest(filterContext);
                    
                



                protected override bool AuthorizeCore(HttpContextBase httpContext)
                
                    var authorized = base.AuthorizeCore(httpContext);


                    if (!authorized)
                    
                        // The user is not authenticated
                        return false;
                    
                   else
       var getList = 
         _objService.GetUserRoleDetail(CommonStaticHelper.getLoggedUser());

            foreach (var role in allowedroles)
            
                if (getList.Exists(m => m.RoleId == role))
                
                    return authorize = true; /* return true if Entity has current 
                   user(active) with specific role */
                
            

                return authorize = false;

                

【讨论】:

【参考方案2】:

创建您自己的过滤器,例如

  public class AuthorityAttribute : AuthorizeAttribute
    
        private readonly string[] allowedroles;
        public AuthorityAttribute(params string[] roles)
        
            this.allowedroles = roles;
        
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        
            foreach (var role in allowedroles)
            
                if (PortalWebSessionManager.ActivePortalSettings.ActiveRoles != null)
                
                    foreach (IDynamics.IDynamicsPortal.DataComponent.Roles currentRole in PortalWebSessionManager.ActivePortalSettings.ActiveRoles)
                    
                        if (currentRole.RoleName == role)
                        
                            return true;
                        
                    
                
            
            return false;
        
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        
            filterContext.Result = new HttpUnauthorizedResult();
        
    

并调用该过滤器

【讨论】:

以上是关于如何解决mvc中授权失败的windows安全窗口提示的主要内容,如果未能解决你的问题,请参考以下文章

电脑出现Windows通讯窗口初始化失败怎么解决?系统Windows10

WINDOWS通信端口初始化失败该如何解决方法

Windows8.1如何解决安装VC++2010失败

请高手指教下:腾讯云主机由linux系统重装改到windows系统后,FTP远程连接失败怎么解决

win10由于失败的登录次数过多或重复关机

信息安全深透测试与工房操作系统本地提权