Continues to execute MVC-controller after FormsAuthentication.SignOut()_问答_开发者

Continues to execute MVC-controller after FormsAuthentication.SignOut()

开发者 https://www.devze.com 2023-03-28 05:36 出处：网络

I save all session in the database. Lets imagine that this session was lost in the database, not in the cookies.

In OnAuthorization(AuthorizationContext filterContext) I retrieve user object from database base on the session id.

if (HttpContext.User.Identity.IsAuthenticated)
{
    //Gets user data from DB.
    var user = userRepos.GetUser(HttpContext.User.Identity.Name); 

        if (user != null)
        {
            CurrentUser = user;
            Thread.CurrentPrincipal = HttpContext.User = new DibPrincipal(user);
            return;
        }
        else
        {
            FormsAuthentication.SignOut();
            Session.Abandon();
            Response.Redirect(FormsAuthentication.LoginUrl, true);
        }
    }
}

Imagine that user called a controller GetDocuments, but he was redirected to FormsAuthentication.LoginUrl. It works, user is been redirected, but I get en exception which shows an error in GetDocument controller, because CurrentUser does not exist. So .net trying to call GetDocuments even after redirecting.

How to avoid this error?开发者_StackOverflow中文版

Thanks! :)

You should not redirect from your OnAuthorization function but rather set the Result parameter from the filterContext as such :

filterContext.Result == new RedirectToRouteResult(new RouteValueDictionary {
{
    "controller",
    "Utilisateurs"
},
{
    "action",
    "Connexion"
},
{
    "ReturnUrl",
    filterContext.HttpContext.Request.RawUrl
}
});