Home/ Questions/Q 6677799
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T04:10:00+00:00

i have a project using ASP.Net MVC3 and using membership for roles. i use

  • 0

i have a project using ASP.Net MVC3 and using membership for roles. i use authorize in every controller.
eg:

[Authorize(Roles = "Administrator")]
    public ActionResult Index(string q, int i)
    {
      return View(model);
    }

if someone doesnt have role for administrator, then it will redirect to login page by default. how to change it,so it will redirect into Views/Shared/UnAuthorize.cshtml ? or maybe if someone doesnt have role for administrator, it will show message box (alert) ?

thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Just change the page that have to be shown in the web.config (check that the route exists)

    <authentication mode="Forms">
  <forms loginUrl="~/UnAuthorize" timeout="2880" />
</authentication>

    If you, instead, want to redirect to a specific path for every roles you can extend the AuthorizeAttribute with your own. Something like this (not tested, I write this to give you an idea)

    public class CheckAuthorize : ActionFilterAttribute
{
  public Roles[] Roles { get; set; }
  public override void OnActionExecuting(ActionExecutingContext filterContext)
  {
    //Your code to get the user
    var user = ((ControllerBase)filterContext.Controller).GetUser();

    if (user != null)
    {
      foreach (Role role in Roles)
      {
        if (role == user.Role)
          return;
      }
    }      
    RouteValueDictionary redirectTargetDictionary = new RouteValueDictionary();
    if user.Role==Role.Administrator
    {
      redirectTargetDictionary.Add("action", "Unauthorized");
      redirectTargetDictionary.Add("controller", "Home");
    }
    else
    {
      redirectTargetDictionary.Add("action", "Logon");
      redirectTargetDictionary.Add("controller", "Home");
    }
    filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary);
  }
}
    • 0