I am building an MVC web application that, for at least part of its data transfer, relies on Ajax.
The controller action is:

```csharp
[RBAC]
[Authorize]
public string GetData(string inputdata)
{
    // some code ...
    return jsondata;
}
```
The ajax call is:

```javascript
$.ajax({
    dataType: "json",
    url: Url,
    data: { '_inputdata': selectedText },
    success: function (data) {
        response($.map(data, function (item, index) {
            return {
                label: item.label,
                value: item.value
            };
        }));
    },
    error: function (jqXHR, textStatus, errorThrown, data) {
        ProcessFail(jqXHR, textStatus, errorThrown, data);
    }
});
```
[RBAC] causes an authorization check to be done, which is what I want.

```csharp
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // ......
    filterContext.Result = new RedirectToRouteResult(
        new RouteValueDictionary {
            { "action", "Index" },
            { "controller", "Unauthorised" },
            { "Area", String.Empty }
        });
    // .....
}
```
The problem is that I don't get anything back at the ajax except a failure. There is nothing that tells me that there was an authorization error.
Questions:
1. Is it possible to get back information from an authorization failure into the ajax response? If so, how?
2. If the answer to 1. is no, should I be checking for this authorization before I make this call?
As always, any help appreciated.
This is a complete solution that allows you to essentially decorate your actions, with a single call inside your action, and that works the same way as the standard Forms-based authentication in ASP.NET.
Just copy the pieces here and it should work.
The problem is that the authorization code that is implemented by decorating the action does not send back an authorization error to the Ajax.
So
Fails with no error message to the user.
Here is the solution I implemented. It actually uses the OnAuthorization.
My goal was to get a simple solution that allowed me to decorate the actions almost like the factory authorization code. I have succeeded in this.
Credit to Miguel Angelo for "How do I get the MethodInfo of an action, given action, controller and area names?" and to AlexMAS for "jQuery Ajax error handling, show custom exception messages".
Never would have figured this out if it was not for these guys.
I am using RBAC for security. Find it here: https://www.codeproject.com/articles/1079552/custom-roles-based-access-control-rbac-in-asp-ne
Excellent role-based security. Good system. It extends the Forms-based authentication via ASP.NET Identity's framework.
So this would have been simple if you could see IPrincipal.User outside of the controller, but I found I could not pass it to a method in the controller and still see the extensions that were used for RBAC that get the permissions in that method.
But you could see it here.
So the trick becomes how to get an AuthorizationContext filterContext filled properly and then I can call OnAuthorize.
This is where Miguel's code comes in. It is an extension to the controller. I changed it slightly because it will actually get all of its information from the controller reference that's passed in. I only want the ActionDescriptor so I can fill an AuthorizationContext object.
I took Alex's code and modified it slightly to get the information I wanted to send back to the jQuery.
In the overridden OnAuthorization method I added the Url string and the error code.
In the Ajax call add the following.
Then I created a front end to put together the pieces.
public class clsOnAuthorization {
Finally I decorate the action and make one call in the action.
With one decoration and a single class instantiation all of the authorization problems went away and my ajax calls now know what went wrong and can redirect appropriately.
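
A client-side sketch of the failure handling discussed in this thread, as an added example that is not the answer's own code. It assumes a hypothetical server contract in which the authorization filter answers Ajax requests with 401/403 and a JSON body of the form `{"error": "...", "url": "/Unauthorised"}`; the field names and the functions `classifyAjaxFailure` and `safeRedirectPath` are illustrative.

```javascript
// Added example: classify a failed $.ajax call so the page can tell an
// authorization failure apart from other errors.
// Assumed (hypothetical) body from the filter: {"error": "...", "url": "/Unauthorised"}

// Accept only same-site relative paths, so a tampered or unexpected
// response cannot turn the handler into an open redirect.
function safeRedirectPath(url) {
  if (typeof url !== "string") return null;
  // exactly one leading "/", not "//host" or "/\host", no control characters
  return /^\/(?![\/\\])[^\u0000-\u001f]*$/.test(url) ? url : null;
}

function classifyAjaxFailure(jqXHR, textStatus) {
  const text = jqXHR.responseText || "";
  if (jqXHR.status === 401 || jqXHR.status === 403) {
    let body = {};
    try { body = JSON.parse(text || "{}") || {}; } catch (e) { body = {}; }
    return {
      kind: jqXHR.status === 401 ? "unauthenticated" : "forbidden",
      message: typeof body.error === "string" ? body.error : "Not authorized",
      redirect: safeRedirectPath(body.url)
    };
  }
  // A RedirectToRouteResult is followed transparently by the browser, so the
  // call ends as 200 with the HTML of the target page; with dataType "json"
  // jQuery then reports "parsererror" and the reason is lost.
  if (jqXHR.status === 200 && textStatus === "parsererror" && /^\s*</.test(text)) {
    return { kind: "html-instead-of-json",
             message: "Got an HTML page, probably a redirect", redirect: null };
  }
  return { kind: "other", message: String(textStatus), redirect: null };
}

// Constructed sample responses (not captured from a real application).
const forbidden = { status: 403,
  responseText: '{"error":"No permission for GetData","url":"/Unauthorised"}' };
const tampered = { status: 403,
  responseText: '{"error":"x","url":"//attacker.example/login"}' };
const redirected = { status: 200, responseText: "<!DOCTYPE html><html></html>" };

console.log(classifyAjaxFailure(forbidden, "error"));
console.log(classifyAjaxFailure(tampered, "error"));
console.log(classifyAjaxFailure(redirected, "parsererror"));
```

A handler such as `ProcessFail` can call `classifyAjaxFailure(jqXHR, textStatus)` and navigate only when `redirect` is non-null.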