I'm trying to implement access denied error page on a new ASP.NET MVC 5 project with Individual User Accounts Authentication Mode.
I add CustomAuthorize class that inherit from AuthorizeAttribute
public class CustomAuthorize : AuthorizeAttribute
{
protected virtual CustomPrincipal CurrentUser
{
get { return HttpContext.Current.User as CustomPrincipal; }
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.IsAuthenticated)
{
if (!string.IsNullOrEmpty(Roles))
{
if (!CurrentUser.IsInRole(Roles))
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
//base.OnAuthorization(filterContext); // returns to login url
}
}
if (!string.IsNullOrEmpty(Users))
{
if (!Users.Contains(CurrentUser.UserName))
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
//base.OnAuthorization(filterContext); // returns to login url
}
}
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
{
base.HandleUnauthorizedRequest(filterContext);
}
else
{
filterContext.Result = new RedirectToRouteResult(new
RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
}
}
}
add ErrorController.cs
public class ErrorController : Controller
{
public ActionResult AccessDenied()
{
return View();
}
}
and AccessDenied.cshtml view
<h2>Access Denied</h2>
<p>You do not have access to view this page</p>
then applied in HomeController.cs
[CustomAuthorize]
public class HomeController : Controller
but it always redirecting to login page. How to display the access denied page?
