tags:

views:

33

answers:

1
Q: 

How do I show an authorization error message in an ASP.NET MVC 2 application?

I'm using the Authorize attribute to filter controller actions based on user roles, but if an unauthorized action is attempted, the user is redirected back to the login page. As I user I would find this confusing and irritating.

How can I instead show an error message informing the user they need certain roles, and remain on the view where they attempted an action?

+1  A: 

You will need to write a custom Authorize attribute which doesn't return a HttpUnauthorizedResult. Also remaining on the same view will be a difficult task as you might need to keep all the context after the request.

Darin Dimitrov  2010-07-10 08:53:55
Ouch! Could I maybe return a custom HttpUnauthorizedResult that is routed to an error view, rather than the login view, and provide an ActionLink on the error view back to the starting view?
ProfK  2010-07-10 09:23:54
Writing a cusom 'Authorize' attribute is a lot easier than you think, and it is the cleanest way to deal with your situation, and it is also re-useable throughout your project.
Saajid Ismail  2010-07-10 09:27:39
@Profk, if you want to be routed to an error view either `Response.Redirect`, or return `ViewResult` inside the filter.
Darin Dimitrov  2010-07-10 09:41:04
@Saajid, I'm it is quite easy, but I always think too much, like redirecting back to the original view with some kind of directive to display a model popup with error advice. I'll stick to an error view for now.
ProfK  2010-07-10 10:27:09
@Darin, I'm afraid I have now idea where to begin implementing your suggestion. I know it's in my custom attribute, but how would I do Response.Redirect, or, how would my Viewresult return know where to go?
ProfK  2010-07-10 10:30:23
Using Response.Redirect is counter-productive to the whole concept of ASP.Net MVC. I don't recommend it.
Saajid Ismail  2010-07-10 23:22:14

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps