开发者

Display action-specific authorisation message for [Authorize] attribute

开发者 https://www.devze.com 2022-12-26 12:19 出处：网络

Is there a way to display an action-specific authorisation message for when an [Authorize] or [Authorize(Roles=\"Administrator\")] attribute redirects the user to the sign-in page?

相关专题：asp.net-mvc authorization authorize-attribute

Is there a way to display an action-specific authorisation message for when an [Authorize] or [Authorize(Roles="Administrator")] attribute redirects the user to the sign-in page?

Ideally,

[Authorize(Roles="Administrator", Message="I'm sorry Dave. I'm afraid I can't let you do that.")]
public ActionResult SomeAdminFunction()
{
    // do admin stuff
    return View();
}

As I understand it, attributes are not meant to add functionality, but this seems purely informational. One could do this inside开发者_运维百科 the action, but it seems inelegant compared to the use of an attribute.

Alternatively,

if (!Request.IsAuthenticated)
{
    if (!User.IsInRole("Administrator"))
        SetMessage("You need to be an administrator to destroy worlds."); // write message to session stack
    return RedirectToAction("SignIn", "Account");
}

Is there an existing way to do this or do I need to override the [Authorize] attribute?

I would override the attribute to add my specific message.