5

I want to know how to redirect users. I have a Controller Index() and I want only users with the role "Student" to be able to enter there! So I use

[Authorize(Roles="Student")]

I wonder how I can redirect users who do not have this role to the homepage.

1

3 Answers

8

MVC5 (and older):

You can do this by changing the loginUrl attribute on your web.config. Change it to the desired route:

<authentication mode="Forms">
  <forms loginUrl="~/Home/Index" timeout="2880" />
</authentication>

MVC6:

In MVC6 you can try this (inside the Startup.cs):

public void ConfigureServices(IServiceCollection services)
{       
    services.Configure<CookieAuthenticationOptions>(options =>
    {
        options.LoginPath = new PathString("/Home/Index");
    });
}

7 Comments

In MVC 6, the web.config doesn't exist!
Thanks Fabrice! What library should I install? Because PathString and CookieAuthenticationOptions aren't recognized!
I think both namespaces are from Microsoft.Owin.
Okay thanks, my Visual Studio has some bugs... And do you know the attribute to modify the error path? For the moment, if my user doesn't have access, ASP redirects my user to "Account/AccessDenied"!
Yes @Clowining, it's in the Startup.cs too: stackoverflow.com/questions/29421164/mvc-6-404-not-found Please mark it as Answered if it answered your question. By the way, I'm Fabricio not Fabrice :P
1

There is a method floating around that works for MVC5. I assume it would work for MVC6 as well.
Within your Controller, create a Custom Auth method like so.

using System.Web.Mvc;

public class YourCustomAuthorize : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // If they are authorized, handle accordingly
        if (this.AuthorizeCore(filterContext.HttpContext))
        {
            base.OnAuthorization(filterContext);
        }
        else
        {
            // Otherwise redirect to your specific unauthorized area
            filterContext.Result = new RedirectResult("~/YourController/Unauthorized");
        }
    }
}

Then change your data annotations to

[YourCustomAuthorize(Roles = "Admin")]
public class UserController : Controller
{
     // Omitted for brevity
}

Comments
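An alternative sketch for MVC5, added here as an example and not code from any of the answers: overriding HandleUnauthorizedRequest instead of OnAuthorization keeps the base attribute's own checks (including [AllowAnonymous]) and separates anonymous visitors, who still go to the login page, from signed-in users who lack the role, who go to the homepage. The attribute name, StudentController and the Home/Index route are assumptions.

```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical attribute name; Home/Index is assumed to be the homepage route.
public class RedirectIfNotInRoleAttribute : AuthorizeAttribute
{
    // Called by the base OnAuthorization only after its own checks have
    // run and AuthorizeCore has returned false.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;

        if (user != null && user.Identity.IsAuthenticated)
        {
            // Signed in but missing the required role: sending this user
            // to the login page would be pointless, so go to the homepage.
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(new { controller = "Home", action = "Index" }));
        }
        else
        {
            // Anonymous: keep the default 401 result, which forms
            // authentication turns into a redirect to loginUrl.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// Hypothetical controller matching the question's "Student" role.
public class StudentController : Controller
{
    [RedirectIfNotInRole(Roles = "Student")]
    public ActionResult Index()
    {
        return View();
    }
}
```

The role check itself still runs on the server for every request; the redirect only changes where a rejected user lands.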

-6

Did you try to use session for this?

I'm guessing you have a login page; then after login, classify the session ASAP.

Then a simple If condition will do.

<%If Session("userRole")="Student" Then%>
  This is the text version of the page
<%Else
  Response.Redirect("notavailablepage.html")
End If%>

1 Comment

NEVER use Session for security purposes. It's insecure, and has different rules than authentication and authorization. On top of that, it's unreliable since session resets whenever the application pool does.
