Question

I need to redirect users to the Change Password page if their password has expired.

I want to place this code in one place so that any request can be redirected to the change password page.

I've looked into extending the AuthorizeAttribute, and overriding OnActionExecuting, but neither works/allows me to short-circuit the routing logic to redirect to the password change page.

For a little clarification, the logic would be:

Unauthorized request:
-> any URL -> AuthorizeAttribute -> Login.aspx -> password expired -> ChangePassword.aspx

Authorized request:
-> any URL -> ??????? -> ChangePassword.aspx

It's that ???? part that I'm not sure what to do.


I think I'm going to go with extending the AuthorizeAttribute. I'll use that everywhere except the password change controller methods.

Solution

using System.Security.Principal;
using System.Web.Mvc;

public class DenyExpiredPasswordAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        IPrincipal user = filterContext.HttpContext.User;

        if (user != null && user.Identity.IsAuthenticated)
        {
            if (CurrentUser.PasswordExpired) // your checking of password expiration
            {
                // Setting Result short-circuits the pipeline: the action never runs
                // and no ThreadAbortException is raised, unlike Response.Redirect.
                filterContext.Result = new RedirectResult("~/Account/ChangePassword?reason=expired");
                return;
            }
        }
        base.OnAuthorization(filterContext);
    }
}

This works fine; just mark every controller with this attribute, excluding the "Account" one. This way no user with the expired attribute is able to continue until they change the password.

OTHER TIPS

You could look at adding an event handler for the PostAuthenticateRequest event in global.asax.

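// Subscribe in Init(), which runs for every pooled HttpApplication instance;
// Application_Start runs only once, so a handler added there covers one instance.
public override void Init() {
  base.Init();
  this.PostAuthenticateRequest += new EventHandler(Global_PostAuthenticateRequest);
}

void Global_PostAuthenticateRequest(object sender, EventArgs e)
{
  // passwordExpired stands for your own expiry check.
  // Skip the change-password page itself, otherwise the redirect loops.
  bool onChangePage = string.Equals(Context.Request.AppRelativeCurrentExecutionFilePath,
      "~/ChangePassword.aspx", StringComparison.OrdinalIgnoreCase);
  if (passwordExpired && !onChangePage) {
    Context.Response.Redirect("~/ChangePassword.aspx");
  }
}
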
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow