tags:

views:

396

answers:

3

I have code in one of my views that looks like this below where if you are logged in, it shows you the welcome notice and if you are not logged in, it shows you a link to the logon page.

    <%
        if (!Request.IsAuthenticated)
        {
    %>
    <%= Html.ActionLink("Log On", "LogOn", "Account")%>
<%
    }
        else
        {
            %>
             <img src="../images/newspic.gif" width="423" height="194"><br /><br />
<%
        }
%>

what i want is that if you are not logged in, i would like it to redirect to the login page automatically (as why have that extra step)

any suggestions on how i would go about automatically redirecting to another page from within this view above.

+2  A: 

Don't reinvent the wheel. AuthorizeAttribute already does this. Just add [Authorize] above the method.

Craig Stuntz
is there a NotAuthorized Attribute
ooo
The AuthorizeAttribute will redirect users that are NOT authorized to a login URL specified in your web.config
David G
No. It would be trivial to write one, though I can't really see the use.
Craig Stuntz
i am a bit lost . . can you show me an example of what code you would have in the controller where you wanted to show one view if the user is authorized and another view if they are not.
ooo
+5  A: 

Your View should only be responsible for displaying your data. Your controller should handle redirection logic.

The Authorize Attribute has already been created for this purpose. Add it to your controller action method like:

public class CustomerController : Controller {

  [Authorize]
  public ActionResult Home() {
    return View("Home");
  }

}

Or alternatively it can be added to the Controller to apply to all Actions:

[Authorize]
public class CustomerController : Controller {

  public ActionResult Home() {
    return View("Home");
  }

}

Then in your web.config set something like

<authentication mode="Forms">
   <forms loginUrl="~/Login" />
</authentication>

If the user is authorized they will be shown your 'Home' view. If they are not authorized they will be redirected to '/Login'

David G
are you saying that i shouldn't have the Request.IsAuthenticated code in the view?
ooo
Any redirection logic should be put in the Controller. I would say that using 'if (!Request.IsAuthenticated)... to display either a login link or a welcome message is okay in your case. However if your View becomes littered with display logic like such you could probably benefit by refactoring.
David G
i am a bit lost . . can you show me an example of what code you would have in the controller where you wanted to show one view if the user is authorized and another view if they are not
ooo
I've updated my answer
David G
A: 

This is program logic, and so it should be in the controller, not the view.

Instead of return View(); try return RedirectToAction(...); to pass to another controller/action with parameters in a nice "MVC" manner, or return Redirect(...); if you just want to use a plain url.

David
And as stated above, if you are redirecting for IsAuthorized, you shouldn't be redirecting at all - you should be using an authorization filter attribute.
David
This isn't *wrong* as the AuthorizeAttribute basically does this by returning an HttpUnauthorizedResult, but I'd use the attribute instead of coding it up in each action.
tvanfosson
i am a bit lost . . can you show me an example of what code you would have in the controller where you wanted to show one view if the user is authorized and another view if they are not
ooo