如何解决mvc中授权失败的windows安全窗口提示

Posted 2023-02-27

【中文标题】如何解决mvc中授权失败的windows安全窗口提示

【英文标题】：How to solve windows security window prompt for Authorization failed in mvc

【发布时间】：2017-11-30 11:12:17

【问题描述】：

我的问题：

当用户没有经理角色和管理员角色时，我必须重定向到错误页面/一些弹出消息。但是当我检查是否连续授权“假”时，windows安全密码窗口会显示出来。当我再次输入用户名和密码时，它会显示 Windows 安全密码。

我必须检查的每个操作方法，并且我需要显示消息或错误页面。如何解决这个问题？

控制器代码：

[AuthorizeUser("Manager","Admin")]
public ActionResult Contact()

    return View();      

C# 代码：

public AuthorizeUserAttribute(params int[] roles)

    allowedroles = roles;


protected override bool AuthorizeCore(HttpContextBase httpContext)

    bool authorize = false;
    var getList = _objService.GetUserRoleDetail(CommonStaticHelper.getLoggedUser());

    foreach (var role in allowedroles)
    
        if (getList.Exists(m => m.RoleId == role))
        
            return authorize = true; /* return true if Entity has current user(active) with specific role */
        
    
    return authorize;


protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)

    filterContext.Result = new HttpUnauthorizedResult();

【参考方案1】：

/// 试试这个：

///Create an action :

         public ActionResult Unauthorized()
                
                    return View();
                    
//// now write below code for authorization        


  protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
                

                    if (filterContext.HttpContext.Request.IsAuthenticated)
                    
                        //redirect to the Unauthenticated page
                        filterContext.Result = new RedirectToRouteResult(new 
 RouteValueDictionary(new  controller = "Error", action = "Unauthorized" 
 ));
                    
                    else
                    
                        base.HandleUnauthorizedRequest(filterContext);
                    
                



                protected override bool AuthorizeCore(HttpContextBase httpContext)
                
                    var authorized = base.AuthorizeCore(httpContext);


                    if (!authorized)
                    
                        // The user is not authenticated
                        return false;
                    
                   else
       var getList = 
         _objService.GetUserRoleDetail(CommonStaticHelper.getLoggedUser());

            foreach (var role in allowedroles)
            
                if (getList.Exists(m => m.RoleId == role))
                
                    return authorize = true; /* return true if Entity has current 
                   user(active) with specific role */
                
            

                return authorize = false;

                

【参考方案2】：

创建您自己的过滤器，例如

  public class AuthorityAttribute : AuthorizeAttribute
    
        private readonly string[] allowedroles;
        public AuthorityAttribute(params string[] roles)
        
            this.allowedroles = roles;
        
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        
            foreach (var role in allowedroles)
            
                if (PortalWebSessionManager.ActivePortalSettings.ActiveRoles != null)
                
                    foreach (IDynamics.IDynamicsPortal.DataComponent.Roles currentRole in PortalWebSessionManager.ActivePortalSettings.ActiveRoles)
                    
                        if (currentRole.RoleName == role)
                        
                            return true;
                        
                    
                
            
            return false;
        
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        
            filterContext.Result = new HttpUnauthorizedResult();
        
    

并调用该过滤器