抛出安全异常后,重定向到登录页面
我正在使用 WebForms 和 Asp.Net 路由。
当尝试在成员文件夹上实现安全性时,我遵循此处的说明:
http://blogs.msdn.com/b/mikeormond/archive/2008/06/21/asp-net-routing-and-authorization.aspx
private IHttpHandler GeneratePage(string VN, RequestContext RC)
{
string virtualPath
= string.Format("~/Members/{0}.aspx", VN);
if (UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath,
RC.HttpContext.User,
RC.HttpContext.Request.HttpMethod))
{
if (virtualPath != null)
{
return (Page)BuildManager.CreateInstanceFromVirtualPath(virtualPath, typeof(Page));
}
}
else
{
throw new SecurityException();
}
return null;
}
}
但是,我不仅仅是想抛出安全异常,我想重定向到登录页面。我不想对 Response.Redirect 进行硬编码,而且我认为这无论如何都不是正确的方法。
将控制权传递给授权引擎并重定向到默认登录页面的“正确”方法是什么?
I'm using WebForms and Asp.Net Routing.
When trying to implement security on a members folder, I'm following the directions here :
http://blogs.msdn.com/b/mikeormond/archive/2008/06/21/asp-net-routing-and-authorization.aspx
private IHttpHandler GeneratePage(string VN, RequestContext RC)
{
string virtualPath
= string.Format("~/Members/{0}.aspx", VN);
if (UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath,
RC.HttpContext.User,
RC.HttpContext.Request.HttpMethod))
{
if (virtualPath != null)
{
return (Page)BuildManager.CreateInstanceFromVirtualPath(virtualPath, typeof(Page));
}
}
else
{
throw new SecurityException();
}
return null;
}
}
However, I don't just want to throw a security Exception, I would like to redirect to the login page. I'd rather not hard-code a Response.Redirect
and I don't think this is the right way to do it anyhow.
What's the "proper" way to pass control to the Authorization engine and redirect to the Default Login page?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你不能两者兼得。
发生异常会终止代码路径。
或者您可以致电
FormsAuthentication.RedirectToLoginPage(string extraQueryString)
并传递一个参数,让您通知用户登录页面上的问题。例如
FormsAuthentication.RedirectToLoginPage("error=authorization-failure")
当然,您需要在登录页面中编写代码来识别这一点。
You can't have both.
Thowing an exception terminates the code path.
Alternatively you can call
FormsAuthentication.RedirectToLoginPage(string extraQueryString)
and pass an arg that lets you inform the user of the problem on the login page.e.g.
FormsAuthentication.RedirectToLoginPage("error=authorization-failure")
You would, of course, need to write code in the login page to recognize this.