Home/ Questions/Q 6811035
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T20:16:41+00:00

I was trying to figure out whether it would be possible to present two

  • 0

I was trying to figure out whether it would be possible to present two different login screens based on the authorization role. The requirement is simple. I have two roles say “admin” and “public”. There are “Authorize” attributes marked all over my applications action methods for these two roles.

Now the requirements of my application specifies different login screens for “admin” and “public”. The “admin” login screen is secured by an additional security code which is not required for “public” login screen. What I was looking for is some way to know who is trying to log in based on the Action method invoked. If the action method invoked is decorated by Authorize[Roles="admin"] then I would present the admin login screen, whereas if action method invoked is applied Authorize[Roles="public"] then I need to present the public login screen.

If the Login Screen is directly invoked then by default the public login screen would be presented.

It may sound a little weird but this is the scenario I am trying to figure out the solution for.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could write a custom authorize attribute which will redirect to the proper logon action:

    public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var roles = Roles.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        if (roles.Contains("admin", StringComparer.OrdinalIgnoreCase))
        {
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
            {
                controller = "account",
                action = "adminlogon",
                returnUrl = filterContext.HttpContext.Request.RawUrl
            }));
        }
        else
        {
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
            {
                controller = "account",
                action = "logon",
                returnUrl = filterContext.HttpContext.Request.RawUrl
            }));
        }
    }
}

    and then decorate your controllers/actions with it:

    [MyAuthorize(Roles = "admin")]
public ActionResult Foo()
{
    return View();
}

[MyAuthorize(Roles = "normaluser")]
public ActionResult Bar()
{
    return View();
}

    Now if a non authenticated user tries to hit the Foo action he will be redirected to the /account/adminlogon action and if he tries to hit the Bar action he would be redirected to the /account/logon action. In both cases the current url will be passed as returnUrl parameter so that upon successful login the user could be brought to the page that he was initially trying to browse.

    • 0