blocks|key|3080378|text|看看HandleErrorAttribute。子类或添加您自己的实现，它将处理您感兴趣的所有状态代码。您可以让它为每种错误类型返回单独的错误视图。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3080379|这里有一个关于如何创建处理错误异常过滤器的想法。我扔掉了大部分东西，只专注于我们的必需品。绝对要看一下最初的实现，添加参数、检查和其他重要的东西。|3080380|public+class+HandleManyErrorsAttribute+:+FilterAttribute,+IExceptionFilter
{
++++public+virtual+void+OnException(ExceptionContext+filterContext)
++++{
++++++++if+(filterContext.ExceptionHandled+%7C%7C+!filterContext.HttpContext.IsCustomErrorEnabled)
++++++++++++return;

++++++++Exception+exception+=+filterContext.Exception;

++++++++string+viewName+=+string.Empty;
++++++++object+viewModel+=+null;
++++++++int+httpCode+=+new+HttpException(null,+exception).GetHttpCode();
++++++++if+(httpCode+==+500)
++++++++{
++++++++++++viewName+=+"Error500View";
++++++++++++viewModel+=+new+Error500Model();
++++++++}
++++++++else+if+(httpCode+==+404)
++++++++{
++++++++++++viewName+=+"Error404View";
++++++++++++viewModel+=+new+Error404Model();
++++++++}
++++++++else+if+(httpCode+==+401)
++++++++{
++++++++++++viewName+=+"Error401View";
++++++++++++viewModel+=+new+Error401Model();
++++++++}

++++++++string+controllerName+=+(string)filterContext.RouteData.Values["controller"];
++++++++string+actionName+=+(string)filterContext.RouteData.Values["action"];
++++++++filterContext.Result+=+new+ViewResult
++++++++{
++++++++++++ViewName+=+viewName,
++++++++++++MasterName+=+Master,
++++++++++++ViewData+=+viewModel,
++++++++++++TempData+=+filterContext.Controller.TempData
++++++++};
++++++++filterContext.ExceptionHandled+=+true;
++++++++filterContext.HttpContext.Response.Clear();
++++++++filterContext.HttpContext.Response.StatusCode+=+httpCode;

++++++++filterContext.HttpContext.Response.TrySkipIisCustomErrors+=+true;
++++}
}|code-block|syntax|javascript|3080381|然后你用这个属性来“装饰”你的控制器动作：|3080382|[HandleManyErrors]
public+ActionResult+DoSomethingBuggy+()
{
++++//+...
}|3080383|entityMap^0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|P|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|Q|8|@]|9|@]|A|$G|H]]|$1|I|3|J|5|6|7|R|8|@]|9|@]|A|$]]|$1|K|3|L|5|F|7|S|8|@]|9|@]|A|$G|H]]|$1|M|3|-4|5|6|7|T|8|@]|9|@]|A|$]]]|N|$]]

Look at the HandleErrorAttribute. Subclass from it or add your own implementation which will handle all the status codes you're interested in. You can make it to return a separate error view for each error type.

Here is an idea of how to create your handle error exception filter. I've thrown out most of the stuff to only focus on our essentials. Absolutely have a look at the original implementation to add arguments checks and other important things.

<pre><code>public class HandleManyErrorsAttribute : FilterAttribute, IExceptionFilter
{
 public virtual void OnException(ExceptionContext filterContext)
 {
 if (filterContext.ExceptionHandled || !filterContext.HttpContext.IsCustomErrorEnabled)
 return;

 Exception exception = filterContext.Exception;

 string viewName = string.Empty;
 object viewModel = null;
 int httpCode = new HttpException(null, exception).GetHttpCode();
 if (httpCode == 500)
 {
 viewName = "Error500View";
 viewModel = new Error500Model();
 }
 else if (httpCode == 404)
 {
 viewName = "Error404View";
 viewModel = new Error404Model();
 }
 else if (httpCode == 401)
 {
 viewName = "Error401View";
 viewModel = new Error401Model();
 }

 string controllerName = (string)filterContext.RouteData.Values["controller"];
 string actionName = (string)filterContext.RouteData.Values["action"];
 filterContext.Result = new ViewResult
 {
 ViewName = viewName,
 MasterName = Master,
 ViewData = viewModel,
 TempData = filterContext.Controller.TempData
 };
 filterContext.ExceptionHandled = true;
 filterContext.HttpContext.Response.Clear();
 filterContext.HttpContext.Response.StatusCode = httpCode;

 filterContext.HttpContext.Response.TrySkipIisCustomErrors = true;
 }
}
</code></pre>

Then you "decorate" your controller actions with this attribute:

<pre><code>[HandleManyErrors]
public ActionResult DoSomethingBuggy ()
{
 // ...
}
</code></pre>

blocks|key|325797|text|如果您正在使用IIS，那么您很可能会使用ASP.NET，那么为什么不设置IIS来对该Web应用程序/虚拟目录使用您的自定义401error页面呢？|type|unstyled|depth|inlineStyleRanges|entityRanges|data|325798|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

If you're using ASP.NET MVC, you're more than likely to use IIS, so why don't you just set up IIS to use your custom 401 error page for that Web Application / Virtual Directory?

blocks|key|328949|text|我设法用一种非常简单的方式解决了这个问题。我想为登录的用户显示一个自定义页面(“您没有权限...”)并将未经验证的用户重定向到登录页面(默认行为)。因此，我使用HandleUnauthorizedRequest方法实现了一个自定义结果(比如CustomAuthorizeAttribute)，如果用户通过了身份验证，则使用名为AccessDenied.aspx的ViewResult+(在共享文件夹中)设置filterContext参数的Result属性|type|unstyled|depth|inlineStyleRanges|entityRanges|data|328950|protected+override+void+HandleUnauthorizedRequest(AuthorizationContext+filterContext)
{
++++if+(!filterContext.HttpContext.User.Identity.IsAuthenticated)
++++{
++++++++base.HandleUnauthorizedRequest(filterContext);
++++}
++++else
++++{
++++++++filterContext.Result+=+new+ViewResult+{+ViewName+=+"AccessDenied"+};
++++}
}|code-block|syntax|javascript|328951|然后，您必须使用这个新属性。致以问候。|328952|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|L|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|M|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

I managed to solve this in a very simple way. I wanted to show a custom page for logged-in users ("you have no permission bla bla...") and redirect unauthenticated users to the login page (the default behaviour). 
So I implemented a custom AuthorizeAttribute (say CustomAuthorizeAttribute) with the HandleUnauthorizedRequest method overwritten in a way that if the user is authenticated I set the Result property of the filterContext argument with a ViewResult (in the Shared folder) called AccessDenied.aspx

<pre><code>protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
 if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
 {
 base.HandleUnauthorizedRequest(filterContext);
 }
 else
 {
 filterContext.Result = new ViewResult { ViewName = "AccessDenied" };
 }
}
</code></pre>

Then you have to use this new attribute instead.
Regards.

blocks|key|3293826|text|在我的一个项目中，我使用了uvita中的代码。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3293827|我有ASP.NET+MVC2，并且在没有登录页面的情况下使用Active+Directory身份验证。我有一个使用网站母版页的NoAuth.aspx网页，集成了应用程序布局。|style|BOLD|3293828|这是web.config。|3293829|<system.web>
++++<authentication+mode="Windows"+/>
++++<roleManager+enabled="true"+defaultProvider="AspNetWindowsTokenRoleProvider">
+++++++<providers>
++++++++++<clear+/>
++++++++++<add+name="AspNetWindowsTokenRoleProvider"+type="System.Web.Security.WindowsTokenRoleProvider"
++++++++++applicationName="/"+/>
++++++</providers>
++++</roleManager>
</system.web>|code-block|syntax|javascript|3293830|新类CustomAutorizeAttribute|3293831|using+System.Web.Mvc;
public+class+CustomAuthorizeAttribute+:+AuthorizeAttribute
{
++++protected+override+void+HandleUnauthorizedRequest(AuthorizationContext+filterContext)
++++{
++++++++if+(!filterContext.HttpContext.User.Identity.IsAuthenticated)
++++++++{
++++++++++++base.HandleUnauthorizedRequest(filterContext);
++++++++}
++++++++else
++++++++{
+++++++++++filterContext.Result+=+new+ViewResult+{+ViewName+=+"NoAuth"};
++++++++}
++++}
}|3293832|和控制器|3293833|[CustomAuthorize(Roles+=+"ADRole")]
public+class+HomeController+:+Controller
{
++++public+HomeController()
++++{
++++}
}|3293834|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/users/118107/uvita^0|D|5|0|0|2|C|U|G|1R|H|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|14|8|@]|9|@$A|15|B|16|1|17]]|C|$]]|$1|D|3|E|5|6|7|18|8|@$A|19|B|1A|F|G]|$A|1B|B|1C|F|G]|$A|1D|B|1E|F|G]]|9|@]|C|$]]|$1|H|3|I|5|6|7|1F|8|@]|9|@]|C|$]]|$1|J|3|K|5|L|7|1G|8|@]|9|@]|C|$M|N]]|$1|O|3|P|5|6|7|1H|8|@]|9|@]|C|$]]|$1|Q|3|R|5|L|7|1I|8|@]|9|@]|C|$M|N]]|$1|S|3|T|5|6|7|1J|8|@]|9|@]|C|$]]|$1|U|3|V|5|L|7|1K|8|@]|9|@]|C|$M|N]]|$1|W|3|-4|5|6|7|1L|8|@]|9|@]|C|$]]]|X|$Y|$5|Z|10|11|C|$12|13]]]]

In one of my project, I use the code from <a href="https://stackoverflow.com/users/118107/uvita">uvita</a>.

I have ASP.NET MVC2 and I use Active Directory authentication without login page.
I have a NoAuth.aspx page that use site master page, integrate the web application layout.

This is the web.config.

<pre><code>&lt;system.web&gt;
 &lt;authentication mode="Windows" /&gt;
 &lt;roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"&gt;
 &lt;providers&gt;
 &lt;clear /&gt;
 &lt;add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider"
 applicationName="/" /&gt;
 &lt;/providers&gt;
 &lt;/roleManager&gt;
&lt;/system.web&gt;
</code></pre>

The new class CustomAutorizeAttribute

<pre><code>using System.Web.Mvc;
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
 protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
 {
 if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
 {
 base.HandleUnauthorizedRequest(filterContext);
 }
 else
 {
 filterContext.Result = new ViewResult { ViewName = "NoAuth"};
 }
 }
}
</code></pre>

and the controller

<pre><code>[CustomAuthorize(Roles = "ADRole")]
public class HomeController : Controller
{
 public HomeController()
 {
 }
}
</code></pre>

I have implemented errors handling in ASP.NET MVC site <a href="https://stackoverflow.com/questions/619895/how-can-i-properly-handle-404s-in-asp-net-mvc/620559#620559.">in a way like suggests this post</a>.

With 404 errors all works fine. But how correctly show user friendly screen for a 401 error? They usually do not throw Exception that can be handled inside <code>Application_Error()</code> but rather action returns HttpUnauthorizedResult. One possible way is to add following code to the end of <code>Application_EndRequest()</code> method

<pre><code>if (Context.Response.StatusCode == 401)
{
 throw new HttpException(401, "You are not authorised");
 // or UserFriendlyErrorRedirect(new HttpException(401, "You are not authorised")), witout exception
}
</code></pre>

But inside <code>Application_EndRequest()</code> Context.Session == null, <code>errorController.Execute()</code> fails because it cannot use default TempDataProvider.

<pre><code> // Call target Controller and pass the routeData.
 IController errorController = new ErrorController();
 errorController.Execute(new RequestContext( 
 new HttpContextWrapper(Context), routeData)); // Additional information: The SessionStateTempDataProvider requires SessionState to be enabled.
</code></pre>

So, can you suggest some best practices how to 'user friendly handle' 401 in ASP.NET MVC application?

Thanks.

ASP.NET MVC user friendly 401 error

身份验证

Windows

我已经在ASP.NET MVC site 中实现了错误处理。有了404个错误，一切都能正常工作。但是如何正确地为401 error显示用户友好的屏幕？它们通常不会抛出可以在Application_Error()内部处理的异常，而是操作返回HttpUnauthorizedResult。一种可能的方法是将以下代码添加到Ap...

问ASP.NET MVC用户友好的401错误
EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问ASP.NET MVC用户友好的401错误EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问ASP.NET MVC用户友好的401错误
EN