Generate a return Url with a custom AuthorizeAttribute

Question

I have a custom authorize attribute:

using System;
using System.Web.Mvc;
using System.Web.Routing;
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.Request.IsAuthenticated)
        {
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Login", action = "Login" }));
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

...that I use to decorate certain controllers:

[MyAuthorizeAttribute(Roles = "Superman, Batman, Spiderman")]
public class SuperHeroController : Controller
{
    // ....
}

Can anyone please explain how to amend the authorize code so that if authorization fails, the Login URL includes a ReturnUrl (URL of the current controller/method)?

This is basically trying to imitate the web forms ReturnUrl logic but in a smart manner whereby I don't have to manually use a string for the URL.

score 25 · Accepted Answer · edited Nov 09 '16 at 08:01

25

Finally figured it out, although somebody might be able to suggest a better way...

filterContext.Result = new RedirectToRouteResult(
                        new RouteValueDictionary(
                            new
                            {
                                controller = "Login",
                                action = "Login",
                                returnUrl = filterContext.HttpContext.Request.Url.GetComponents(UriComponents.PathAndQuery, UriFormat.SafeUnescaped)
                            }));

edited Nov 09 '16 at 08:01

hkutluay

6,794
2
33
53

answered Apr 22 '15 at 15:29

EvilDr

8,943
14
73
133

2

I had the same problem. This help ! – Tchaps Aug 14 '15 at 12:35
As above. Thanks for this, just what I needed :) – GrahamJRoy Jun 01 '17 at 08:50
if you are using .NET 3 or above then the request.URL wont work. see answer: https://stackoverflow.com/a/69765256/8750262 – Ch Usman Oct 29 '21 at 07:44

D.L.MAN · Answer 2 · 2018-12-01T23:47:52.857

there are many way to implement this. you should use filterContext.HttpContext.Request.Url.GetComponents(UriComponents.PathAndQuery, UriFormat.SafeUnescaped) for getting returnUrl.

first way:

 var returnUrl = filterContext.HttpContext.Request.Url?.GetComponents(UriComponents.PathAndQuery, UriFormat.SafeUnescaped) ?? "";
 if (!string.IsNullOrWhiteSpace(returnUrl))
 {
       returnUrl = "/" + returnUrl;
 }

 filterContext.Result = new RedirectResult($"~/Login/Login{returnUrl}");

second way:

filterContext.Result = new RedirectToRouteResult(
    new RouteValueDictionary(
        new
        {
              controller = "Login",
              action = "Login",
              area = "",
              returnUrl = filterContext.HttpContext.Request.Url?.GetComponents(UriComponents.PathAndQuery,
                            UriFormat.SafeUnescaped)
         }));

just , dont forget set Area.

score 0 · Answer 3 · answered Mar 22 '17 at 07:05

This was just what I needed for the same problem although looked slightly different:

filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    { "controller", "Account" },
                    { "action", "Login" },
                    { "returnUrl", filterContext.HttpContext.Request.Url.GetComponents(UriComponents.PathAndQuery, UriFormat.SafeUnescaped) }
                });

Thanks!

Generate a return Url with a custom AuthorizeAttribute

3 Answers3

Linked