tags:

views:

600

answers:

3
+1  Q: 

ASP.NET MVC : Response.Redirect(url, TRUE) does not stop request processing.

I have a method decorated with two custom ActionFilterAttribute. 

[RequiresAuthentication(Order = 1)]
[ToonAction(Order = 2)]
public ActionResult Browse(...

RequiresAuthentication attribute is coming from this article

Inside RequiresAuthentication, on it's OnActionExecuting I do:

 filterContext.HttpContext.Response.Redirect(loginUrl, true);

The line is get executed, and the arguments are all as expected. The problem is that after executing the line above, I get next attribute (ActionFilterAttribute) executed, as if redirect didn't work, it just continues executing the request, instead of simply redirecting browser.

Question: what else do I need to do to make the request handler

This is a complete method:

    public override void OnActionExecuting(ActionExecutingContext filterContext) {
        //redirect if not authenticated
        var identity = filterContext.HttpContext.User.Identity;
        if (!identity.IsAuthenticated) {
            //use the current url for the redirect
            string redirectOnSuccess = filterContext.HttpContext.Request.Url.PathAndQuery;

            //send them off to the login page
            string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
            string loginUrl = FormsAuthentication.LoginUrl + redirectUrl;
            filterContext.HttpContext.Response.Redirect(loginUrl, true);
            // filterContext.Result = new HttpUnauthorizedResult();
            // filterContext.HttpContext.Response.StatusCode = 0x191;
        }
    }
+1  A: 

try adding the [Authorize] attribute to your Action methods instead

hunter  2010-02-02 20:17:18
yes, that would work, too, unless you have a more complicated authorization/authentication scenario.
tvanfosson  2010-02-02 20:19:49
+5  A: 

You want to set the Result on the filterContext to a RedirectResult, not do a redirect on the response.

 filterContext.Result = new RedirectResult { Url = loginUrl };

EDIT: As @Hunter Daley suggests a better mechanism would be to use the AuthorizeAttribute instead if it works for you. If you do have authentication/authorization scenarios that the AuthorizeAttribute doesn't work for, it would probably be better to derive your custom attribute from it instead of the more generic ActionFilterAttribute. In any event, the correct technique is to set the Result rather than interact with the Response directly. You might want to look at the actual AuthorizeAttribute source at http://www.codeplex.com/aspnet for ideas.

I've got a sample of custom authorization code on my blog, http://farm-fresh-code.blogspot.com, too.

tvanfosson  2010-02-02 20:17:52
This turned out to be the answer I needed -- I was doing a redirect on the Response, and for months I could not figure out why I was getting "Cannot set cookie" errors.
Matt Sherman  2010-08-12 03:02:54
A: 

Add 

filterContext.HttpContext.Response.Clear();

at first and this at End :

filterContext.HttpContext.Response.End();

Hope this helps.

ali62b  2010-02-02 20:28:25
Didn't help:filterContext.HttpContext.Response.Redirect(loginUrl, true); already does it inside.
 2010-02-02 20:48:22

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data