using System.Web.Mvc;
using System.Web.Routing;

public class AdministratorAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            EFUserRepository repo = new EFUserRepository();
            var user = repo.FindUserByUserName(filterContext.HttpContext.User.Identity.Name);
            if (user != null && user.UserRole.Name == "Administrator")
            {
                // Leave filterContext.Result null: the request then continues
                // into the action the user originally asked for, no redirect needed.
                return;
            }
        }
        // Not signed in, or signed in but not an administrator: redirect to "Home/Index".
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary { { "controller", "Home" }, { "action", "Index" } });
    }
}
I’m having trouble redirecting to an action from within this OnActionExecuting method. Also, how would I redirect the user to their original intended action if they are fully authorized?
This [Administrator] attribute is going to be placed on many different controllers, so I have to have a way to redirect to the appropriate ActionResult they were trying to reach.
The usual way to do this is, for a GET at least, to url-encode the requested url and include it. For example, for SO if we start on this question as anonymous, and click login, we are taken to
The same would work for a redirect; once you have completed login, check for a returnurl parameter, and back you go. You should, however, check that the target url is either relative (same-site), or absolute to the current site or another site you own/etc (see OWASP for details – in particular “Example Scenarios”).
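An added example (not the answer's or the asker's code) of the round trip the answer describes, in ASP.NET MVC: the filter records the requested path as a returnUrl parameter when it bounces the user to login, and the login action only follows that value after Url.IsLocalUrl accepts it. AdminOnlyAttribute and AccountController are assumed names; EFUserRepository.FindUserByUserName and UserRole follow the shape of the question's code.

```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Filter side: remember where the user was going before bouncing them to login.
public class AdminOnlyAttribute : ActionFilterAttribute   // assumed name
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;
        if (http.User.Identity.IsAuthenticated)
        {
            // Repository and UserRole shape taken from the question's code.
            var user = new EFUserRepository().FindUserByUserName(http.User.Identity.Name);
            if (user != null && user.UserRole.Name == "Administrator")
                return; // Result stays null, so MVC runs the action that was requested
        }
        // RawUrl is path + query only (no scheme or host), so the value handed to
        // the login page is same-site by construction; it is still checked on the way back.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Account" },
            { "action", "Login" },
            { "returnUrl", http.Request.RawUrl }
        });
    }
}

// Login side: returnUrl arrives from the query string, so treat it as untrusted input.
public class AccountController : Controller   // assumed name
{
    [HttpPost]
    public ActionResult Login(string userName, string password, string returnUrl)
    {
        // Credential check omitted; on failure: return View();

        // Url.IsLocalUrl (MVC 3 and later) accepts only "/path"-style values and
        // rejects absolute URLs and protocol-relative ones such as "//other.example".
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);

        // Anything else (empty, external, malformed) falls back to a known page.
        return RedirectToAction("Index", "Home");
    }
}
```

Because this is an authorization decision, deriving from AuthorizeAttribute rather than ActionFilterAttribute is the more usual choice: authorization filters run before every action filter, so nothing else executes for a caller that is turned away.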