I am using a custom authorization filter on my ASP.NET MVC controllers that redirects the user to a url other than the login screen if they fail authorisation on a particular action.
This is ok for actions that return views, but many of my actions return other result types such as PartialResult or JsonResult.
My current filter looks like this:
This indicates that if the user is not in the ServerAccess role then they should be redirected to /Home/Unauthorised/
I am curious how other people are handling this? This seems particularly problematic when you consider the number of actions that are intended to only be called by client-side script AJAX calls. How can the /Home/Unauthorised/ action know whether the caller was intended to receive a view, partialview, json, content, etc?
以上就是How do you deal with authorisation on actions that return results other than ViewResult?的详细内容，更多请关注web前端其它相关文章！