Home/ Questions/Q 7044691
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T02:26:23+00:00

I have a ASP.NET MVC site that uses forms authentication with custom AuthorizeAttribute on

  • 0

I have a ASP.NET MVC site that uses forms authentication with custom AuthorizeAttribute on both actions and controller classes.

I have this in my web.config file : 

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

When the site is in “normal” mode this works fine. The users that needs to login is redirected to this page.

But when I switch to Test mode then all Contollers will be locked and also the AccountController.

I now need to shange the loginUrl when I’m in Test mode to point at a controller action that is not locked and that is special made for the test scenario.

How can I change the loginUrl or is it possible to redirect from the AuthorizeAttribute?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What we do is override with a customised Authorize attribute which redirects for the HandleUnauthorizedRequest function like so:

    public class AuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute
    {

        public string LoginController { get; set; }
        public string LoginAction { get; set; }


        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (string.IsNullOrEmpty(LoginController)&&string.IsNullOrEmpty(LoginAction))
                base.HandleUnauthorizedRequest(filterContext);
                    filterContext.Result =new RedirectToRouteResult(
                                            new RouteValueDictionary(new
                                                                         {
                                                                             controller = LoginController, 
                                                                             action = LoginAction, 
                                                                             returnUrl = HttpContext.Current.Request.Url
                                                                         }));
        }
    }

    This way we can specify the login route for any authorize attribute by assigning the controller and action to go for. Otherwise it behaves like the standard authorize attribute.

    You could change this to redirect according to being in test mode or live mode.

    • 0