2

I have the following: 

    [Route("whitelist")]
    [Authorize(Roles = "Administrator")]
    public ActionResult Whitelist() {
        var vm = new WhitelistViewModel();
        return View(vm);
    }

    [Route("login")]
    [AllowAnonymous]
    public ActionResult Login(string returnUrl) {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

However, when I navigate to /whitelist as an unauthenticated user, I get navigated to /Account/Login, which is invalid. How do I tell MVC5 to use the attribute routes when redirecting in this case?

BLAZORLOVER
  • 1,971
  • 2
  • 17
  • 27
  • Why is it invalid? You have `[Authorize(Roles = "Administrator")]` on the `Whitelist()` method so if you not authorized you would be redirected to `Login()`. What are you expecting to happen? –  Dec 12 '14 at 01:50
  • @StephenMuecke it's invalid because the route to Login is "login", as overridden via attribute routing. – BLAZORLOVER Dec 12 '14 at 01:51
  • Please look at this http://stackoverflow.com/questions/7080872/redirect-authorization-failure-in-mvc Override OnActionExecuting. We can do a lot things in this action similar to we do something in page preload before page_load. – Harris Yer Dec 12 '14 at 01:51
  • @user666, Sorry, don't understand what your saying. Do you have multiple methods named `Login()` and this one is not in the `AccountController`? –  Dec 12 '14 at 02:04
  • @StephenMuecke - the route /Account/Login is not valid because I have overridden it!!! – BLAZORLOVER Dec 12 '14 at 02:10
  • @HarrisYer - I have just laid down the override code but don't know how to determine if the request is being rejected due to auth issues - how can I fix this? – BLAZORLOVER Dec 12 '14 at 02:14
  • What do you mean you have _overidden it_? The login page is defined in `web.config` - `` –  Dec 12 '14 at 02:14
  • @StephenMuecke - I'm saying it's overridden because I've overridden it via the attribute route. The default route no longer works (as intended) – BLAZORLOVER Dec 12 '14 at 02:16
  • @StephenMuecke your method of updating the web.config does not work either. When I get redirected to log in, it's to "Account/Login", when it should be "login", despite specifying "login" in web.config – BLAZORLOVER Dec 12 '14 at 02:18
  • I sorry I no have environment to test, but in the OnActionExecuting, we should able to get some login information from the default login object by MVC, just like we know login name everywhere. – Harris Yer Dec 12 '14 at 02:21
  • The method is named `Login` and your `[Route]` is also "Login". What is it you think your overriding? (and I haven't shown you a method of _updating the web.config_, just the default value in web.config, which is saying _if the user is not authorized, redirect to /Account/Login_) –  Dec 12 '14 at 02:22
  • @StephenMuecke - if I override with attribute "login", the path is "/login", **NOT** "/Account/Login". – BLAZORLOVER Dec 12 '14 at 02:23

2 Answers2

9

In App_Start/Startup.Auth.cs, you'll need to change your default login path for redirects.

LoginPath = new PathString("/login")

The reason is since you have added an attribute route, then the existing route is invalid.

Ashley Lee
  • 3,810
  • 1
  • 18
  • 26
1

I copy from some website, I using notepad to combine, but ideally is here.

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        base.OnActionExecuting(filterContext);

        IPrincipal user = filterContext.HttpContext.User;  
        if (!user.Identity.IsAuthenticated)
        {
            // Redirect to login page
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary 
                { 
                    { "controller", "Login" }, 
                    { "action", "NoAccess" } 
                });
        }
    }
Harris Yer
  • 281
  • 2
  • 10
  • Using this, specifying the role via `Authorize(Roles = "Admin")` no longer works (Roles is not recognized). – SB2055 Dec 12 '14 at 02:36
  • Hi SB2005 you mean Roles = "Admin" will give error? – Harris Yer Dec 12 '14 at 02:54
  • Yeah, it stays red / error in VS if I use the overridden attribute :/ – SB2055 Dec 12 '14 at 03:01
  • We didn't override the attribute, we only create OnActionExecuting in base controller and inherit by all controllers, so they know what to do before page load. Just like I control the UICulture here for multilingual. – Harris Yer Dec 12 '14 at 03:09