Hi, I'm using FluentSecurity to authenticate and verify users' permissions in my MVC application. In the basic settings, when a user wants to access a denied action, it throws an exception. I want to know how I should redirect to another page (such as the login page) instead of showing the yellow exception page?

3 Answers
I know this question has been answered already, but I don't like putting a try/catch in every action to handle this situation.

Fluent Security allows you to register a handler for policy violations (see https://github.com/kristofferahl/FluentSecurity/wiki/Policy-violation-handlers). You have to have a class that inherits from `IPolicyViolationHandler`. The convention is to name your class `<PolicyViolationName>PolicyViolationHandler`.

Here is an example of a handler to register, a `DenyAnonymousAccessPolicyViolationHandler`:

```csharp
using System.Web.Mvc;
using FluentSecurity;

/// <summary>
/// Custom Policy Violation Handler. See http://www.fluentsecurity.net/wiki/Policy-violation-handlers
/// </summary>
public class DenyAnonymousAccessPolicyViolationHandler : IPolicyViolationHandler
{
    public ActionResult Handle(PolicyViolationException exception)
    {
        // Flash is the application's own helper for one-time user messages
        Flash.Error("You must first login to access that page");
        return new RedirectResult("/");
    }
}
```
One other caveat that you will run into is that you have to use an IOC container to register these handlers. I won't debate whether using an IOC container is good or bad, but I prefer not to use one if I don't have to. On their website there was a blog post written on how to do this without using an IOC container, but I didn't really like that approach either. Here is what I did.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Web;
using FluentSecurity;

public static class SecurityConfig
{
    public static void Configure()
    {
        SecurityConfigurator.Configure(c =>
        {
            c.GetAuthenticationStatusFrom(() => HttpContext.Current.User.Identity.IsAuthenticated);
            c.GetRolesFrom(() => (HttpContext.Current.Session["Roles"] as string[]));

            // Blanket deny all
            c.ForAllControllers().DenyAnonymousAccess();

            // Publicly accessible areas
            c.For<LoginController>().Ignore();

            // This is the part for finding all of the classes that inherit
            // from IPolicyViolationHandler so you don't have to use an IOC
            // container.
            c.ResolveServicesUsing(type =>
            {
                if (type == typeof(IPolicyViolationHandler))
                {
                    var types = Assembly
                        .GetAssembly(typeof(MvcApplication))
                        .GetTypes()
                        .Where(x => typeof(IPolicyViolationHandler).IsAssignableFrom(x)).ToList();
                    var handlers = types.Select(t => Activator.CreateInstance(t) as IPolicyViolationHandler).ToList();
                    return handlers;
                }
                return Enumerable.Empty<object>();
            });
        });
    }
}
```

I have never used FluentSecurity, but you can redirect in your action this way. For example:

```csharp
public ActionResult YourActionName()
{
    try
    {
        // Action logic that may throw goes here
        return View();
    }
    catch (Exception)
    {
        return RedirectToAction("Index", "Home");
    }
}
```

You can also use the `HandleError` attribute on the controller class to catch any unhandled exceptions, and it will automatically return the Error.aspx view in the Shared folder. You can also customize it.

For more information, check ScottGu's post: http://weblogs.asp.net/scottgu/archive/2008/07/14/asp-net-mvc-preview-4-release-part-1.aspx

- Thanks for your reply, but is there any other built-in feature? – Saber Amani Dec 24 '12 at 10:29
- Take a look at my answer :) – Saber Amani Dec 24 '12 at 11:56

Currently the FluentSecurity stable version (1.4) doesn't have any built-in features to handle `PolicyViolationException`, but you can create a filter to do that, something like this:

```csharp
using System.Web.Mvc;
using System.Web.Routing;
using FluentSecurity;

public class PolicyViolationExceptionHandler : IExceptionFilter
{
    public void OnException(ExceptionContext filterContext)
    {
        if (filterContext.Exception.GetType() == typeof(PolicyViolationException))
        {
            var routeDictionary = new RouteValueDictionary(new
            {
                area = "",
                controller = "account",
                action = "login"
            });

            // Redirect to a specific page
            filterContext.HttpContext.Response.RedirectToRoute(routeDictionary);

            // Mark the exception as handled so the default filters
            // do not process the PolicyViolationException
            filterContext.ExceptionHandled = true;
        }
    }
}
```
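
A variant of the exception-filter approach from the last answer, as an added example that is not part of any answer on this page: it separates an anonymous visitor from a signed-in user who lacks permission, so the second gets a 403 instead of being bounced back to the login page. The class name, the `returnUrl` parameter and the `FilterConfig` registration are assumptions; the route values are the ones used in the answer above.

```csharp
using System.Net;
using System.Web.Mvc;
using System.Web.Routing;
using FluentSecurity;

// Added example; names other than PolicyViolationException are assumptions.
public class PolicyViolationRedirectFilter : IExceptionFilter
{
    public void OnException(ExceptionContext filterContext)
    {
        // "is" also matches subclasses; any other exception is left to other filters.
        if (!(filterContext.Exception is PolicyViolationException)) return;

        var http = filterContext.HttpContext;
        bool authenticated = http.User != null && http.User.Identity.IsAuthenticated;

        if (authenticated)
        {
            // Signed in but not permitted: answer 403. A login redirect here
            // would send an already logged-in user around in a loop.
            filterContext.Result = new HttpStatusCodeResult((int)HttpStatusCode.Forbidden);
        }
        else
        {
            // Anonymous: go to login and carry the requested path along.
            // RawUrl is path + query only (no host); the login action must still
            // validate it with Url.IsLocalUrl before redirecting back to it.
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
            {
                area = "",
                controller = "account",
                action = "login",
                returnUrl = http.Request.RawUrl
            }));
        }

        // Setting Result (rather than writing to Response) lets MVC execute it normally.
        filterContext.ExceptionHandled = true;
    }
}

public static class FilterConfig
{
    // Called once from Application_Start with GlobalFilters.Filters.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new PolicyViolationRedirectFilter());
    }
}
```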