Home/ Questions/Q 8092047
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T20:12:15+00:00

i am using mvc 3 code first. facing problem while passing data form SecurityAttribute

  • 0

i am using mvc 3 code first. facing problem while passing data form SecurityAttribute class to Controller. i actually want to redirect user on login page with displaying Message. for this i override AuthorizeCore method in SecurityAttribute class. in this method i am unable to direct use session, cookies, tempdate, and viewbag etc. any other solution to solve this problem. Thanks 

protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext.Session["UserID"] == null)
        {
            //here i am unable to pass message to User/LogOn action.
            httpContext.Response.Redirect("~/User/LogOn");
           // httpContext.Session["lblMsg"] = "You are not authroize to perform this                               action.Please Login through different account";
            return false; 
        }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First things first, you should not redirect inside the AuthorizeCore method. You should use the HandleUnauthorizedRequest method which is intended for this purpose. As far as passing an error message to the LogOn action is concerned you could use TempData:

    public class SecurityAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // perform the custom authorization logic here and return true or false
        // DO NOT redirect here
        return httpContext.Session["UserID"] != null;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Controller.TempData["ErrorMessage"] = "You are not authroize to perform this action.Please Login through different account";

        // calling the base method will actually throw a 401 error that the
        // forms authentication module will intercept and automatically redirect
        // you to the LogOn page that was defined in web.config
        base.HandleUnauthorizedRequest(filterContext);
    }
}

    and then inside the LogOn action:

    public ActionResult LogOn()
{
    string errorMessage = TempData["ErrorMessage"] as string;
    ...
}

    or if you want to access it inside the LogOn.cshtml view:

    <div>@TempData["ErrorMessage"]</div>

    Another possibility is to pass the message as a query string parameter instead of using TempData:

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    var values = new RouteValueDictionary(new
    {
        controller = "User",
        action = "LogOn",
        errormessage = "You are not authroize to perform this action.Please Login through different account"
    });
    filterContext.Result = new RedirectToRouteResult(values);
}

    and then you could have the LogOn action take the error message as action parameter:

    public ActionResult LogOn(string errorMessage)
{
    ...
}
    • 0