ASP.NET MVC - CustomeAuthorize filter action using an external website for loggin in the user

Asked 7/5, 2009 at 16:21 Answered 14/8, 2017 at 7:57

Solved asp.net-mvc http-redirect authorization custom-action-filter

I have a CustomeAuthorize action filter that forwards the user to signin page if user is not authenticated. I apply this filter to actions or controllers.

[CustumeAuthorize]
public ActionResult MyAction()
{
   //do something here
   return View();
}

and the filter looks like this:

public class CustomAuthorizeAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {

        if (!currentUserIsAuthenticated)
        {

            filterContext.Result =
                new RedirectToRouteResult(
                    new RouteValueDictionary{{ "controller", "Account" },
                                                 { "action", "SignIn" },
                                                 { "returnUrl",    filterContext.HttpContext.Request.RawUrl }
                                                });
        }
        else
        {
            base.OnActionExecuting(filterContext);
        }
    }
}

Once I assign a value to filterContext.Result, after execution of filter finishes, the execution is (somehow?!) redirected to the SignIn action and MyAction does not execute. This is exactly what I want.

Now say I want to change my CustomAuthorize to authenticate the user against an external website and not my own SignIn action so I am doing something like this:

public class CustomAuthorizeAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {

        if (!currentUserIsAuthenticated)
        {
             filterContext.HttpContext.Response.Redirect("http://externalSite.com/login?returnUrl=" + filterContext.HttpContext.Request.RawUrl);
        }
        else
        {
            base.OnActionExecuting(filterContext);
        }
    }
}

My problem is that after the execution of the second version of CustomAuthorize filter is finished, execution continues to MyAction which is not what I want! How do I stop the execution of MyAction after filter in this case?

-Update- I just came across a new issue. My MVC application is in an iFrame and I want the Redirect to force the current frame as the main frame after redirection, so I am doing something like:

string url = "http://externalSite.com/login?returnUrl=" + filterContext.HttpContext.Request.RawUrl;
filterContext.HttpContext.Response.Write("<script type=\"text/javascript\">\ntop.location.href = \"" + url + "\";</script>");

Is there a way to pass a javascript to RedirectResult()?

Woaded answered 7/5, 2009 at 16:21 Comment(0)

Use the RedirectResult similar to how you were using the RedirectToRouteResult before to replace the result in the filter context.

filterContext.Result = new RedirectResult("http://externalSite.com/login?returnUrl=" + filterContext.HttpContext.Request.RawUrl );

Rubberneck answered 7/5, 2009 at 16:26 Comment(3)

Thank you for the tip. I just came across a new issue. My MVC application is in an iFrame and I want the Redirect to force the current frame as the main frame after redirection, so I am doing something like: filterContext.HttpContext.Response.Write("<script type=\"text/javascript\">\ntop.location.href = \"" + "externalSite.com/login?returnUrl=" + filterContext.HttpContext.Request.RawUrl + "\";</script>"); Is there a way to pass a javascript to RedirectResult()? – Woaded 7/5, 2009 at 16:38

You might want to try passing back an actual View that contains the correct Javascript to do the redirect. There is a JavaScriptResult, too, that you might try. I haven't used that. – Rubberneck 7/5, 2009 at 16:46

the JavaScriptResult would write the returned javascript within <pre> </pre> block! Dont know why. I simply made a dummy action the did just the forwarding for me and forwarded to that action just as I did in the first case demonstrated above. Thanks for your help :) – Woaded 7/5, 2009 at 21:26

Let me see if I understand - you have an iFrame, and executing an action within this iFrame. You want to redirect to a parent page, not within that iFrame?

If so, just use Redirect(url) in your action.

Cultivar answered 21/10, 2011 at 0:9 Comment(1)

Redirect(url) from an iFrame just puts url in the iFrame. – Phene 1/1, 2014 at 0:54

You can add a judgement by jQuery on the login page.

$(function () {
        if (window != top) {
            top.location.href = location.href;
        }
    });

edit 'filterContext.Result' in action 'OnActionExecuting'

filterContext.Result = new ContentResult() { Content = "<script>top.window.location.href='/user/Login'</script>" };

Tennes answered 14/8, 2017 at 7:57 Comment(0)

Recommended topics

Hot tags