In order to preserve post data after utilizing the [Authorize] attribute on a controller method, which then redirects the user to a login page, which then upon successful authentication redirects the user to where they were intending to go -- how would this be done? The original form submission is not relayed by default. A response to a previous posting said to:

You need to serialize your form values and a RedirectUrl to a hidden field. After authentication deserialize the data in your hidden field and redirect based on the value of the RedirectUrl. You will need a custom Authorize class to handle this.

My question is -- any examples to further point me in the right direction? Yes, I can add a [Serialize] tag to the controller class but I can't figure out how creating a custom Authorize class would help? I see plenty of material online on creating a custom Authorize class but where would the de-serialization be done? It would help greatly if you could go one or two levels deeper. I'm a newbie.

(I would comment on the previous posting but I'm new to the site and have not amassed enough points. I would also put a link to the other posting but it says new users can't show links either!)

A: 

You can create a custom authorization attribute that stores the form posted values in the Session dictionary, and then after the authorization has completed you can restore the values from the Session dictionary.
Here is an example:

using System.Web.Mvc;

public class CustomAuth : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Copy every posted form field into the session before the authorization check runs.
        var form = filterContext.HttpContext.Request.Form;
        if (form.HasKeys())
        {
            foreach (var key in form.AllKeys)
            {
                filterContext.HttpContext.Session[key] = form[key];
            }
        }
        base.OnAuthorization(filterContext);
    }
}

As you see, before the authorization all the form values are stored in the session.
Now after the authorization has completed you can restore all the values.

[CustomAuth()]
public ActionResult Admin()
{
    // Supposing you had a form input with the name "Name".
    // Session values are stored as object, so cast before applying the fallback.
    string Name = Session["Name"] as string ?? string.Empty;

    return View();
}
Marwan Aouida
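
A variant of the attribute above that keeps the saved form under a single session key instead of one session entry per posted field, because form field names are chosen by the client and could otherwise overwrite unrelated session entries. This is an added example, not part of the original answer; the names PendingFormAuthorizeAttribute, PendingFormKey, ExcludedFields and TakePendingForm, and the excluded field names, are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Added example, not from the original answer. All type and member names are hypothetical.
public class PendingFormAuthorizeAttribute : AuthorizeAttribute
{
    // One namespaced slot, so a posted field name can never overwrite another session entry.
    public const string PendingFormKey = "__PendingForm";

    // Fields that should not be parked in session state (assumed names; adjust per form).
    private static readonly HashSet<string> ExcludedFields = new HashSet<string>(
        StringComparer.OrdinalIgnoreCase) { "Password", "__RequestVerificationToken" };

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        var http = filterContext.HttpContext;

        // Only save when an unauthenticated user posts; authenticated requests need no replay.
        bool anonymousPost = !http.User.Identity.IsAuthenticated
            && string.Equals(http.Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase);

        if (anonymousPost && http.Session != null)
        {
            var form = http.Request.Form;
            http.Session[PendingFormKey] = form.AllKeys
                .Where(k => k != null && !ExcludedFields.Contains(k))
                .ToDictionary(k => k, k => form[k]);
        }
        base.OnAuthorization(filterContext);
    }

    // Returns the saved values once and clears them, so stale data is not replayed later.
    public static IDictionary<string, string> TakePendingForm(HttpSessionStateBase session)
    {
        var saved = session[PendingFormKey] as Dictionary<string, string>;
        session.Remove(PendingFormKey);
        return saved ?? new Dictionary<string, string>();
    }
}
```

In the action, call `PendingFormAuthorizeAttribute.TakePendingForm(Session)` and validate the returned values again before using them, since they are still client-supplied input.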