What has changed from mvc1 and mvc2? If the user is not authenticated, I have the following code to redirect to the login page. This does not apply to mvc2 and results in “System.Web.HttpException: Cannot redirect after sending HTTP header”
public class RequiresAuthenticationAttribute: FilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.User.Identity .IsAuthenticated)
{
string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;
string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
string loginUrl = System.Web.Security.FormsAuthentication.LoginUrl + redirectUrl;
filterContext.HttpContext.Response.Redirect(loginUrl, true);
}
}
}< /pre>The stack trace is as follows:
System.Web.HttpException: Cannot redirect after HTTP headers have been sent.
at System.Web.HttpResponse. Redirect(String url, Boolean endResponse)
at System.Web.HttpResponseWrapper.Redirect(String url, Boolean endResponse) at System.Web.Mvc.RedirectResult.ExecuteResult(ControllerContext context)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResult(ControllerContext controllerContext, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker .<>c__DisplayClass14.b__11()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker. <>c__DisplayClass14.<>c__DisplayClass16.b__13()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
at System.Web.Mvc .ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
all you have to do is to override HandleUnauthorizedRequest instead of OnAuthorization, Just assign the RedirectResult url to AuthorizationContext.Result.
base.OnAuthorization will check the authentication and call HandleUnauthorizedRequest if it fails.
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;
string redirectUrl = string.Format("?ReturnUrl={0}" , redirectOnSuccess);
filterContext.Result = new RedirectResult(redirectUrl);
return;
}
Changed from mvc1 and mvc2 What? If the user is not authenticated, I have the following code to redirect to the login page. This does not apply to mvc2 and results in "System.Web.HttpException: Cannot redirect after sending HTTP header"
public class RequiresAuthenticationAttribute: FilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.User.Identity .IsAuthenticated)
{
string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;
string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
string loginUrl = System.Web.Security.FormsAuthentication.LoginUrl + redirectUrl;
filterContext.HttpContext.Response.Redirect(loginUrl, true);
}
}
}< /pre>The stack trace is as follows:
System.Web.HttpException: Cannot redirect after HTTP headers have been sent.
at System.Web.HttpResponse. Redirect(String url, Boolean endResponse)
at System.Web.HttpResponseWrapper.Redirect(String url, Boolean endResponse)
at System.Web.Mvc.RedirectResult.ExecuteResult(ControllerContext context)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResult(ControllerContext controllerContext, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker.<> c__DisplayClass14.b__11()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14 .<>c__DisplayClass16.b__13()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker. InvokeAction(ControllerContext controllerContext, String actionName)All you have to do is to override HandleUnauthorizedRequest instead of OnAuthorization, just assign the RedirectResult url to AuthorizationContext.Result. < p>
base.OnAuthorization will check the authentication and call HandleUnauthorizedRequest if it fails.
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;
string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
filterContext.Result = new RedirectResult (redirectUrl);
return;
}