How do I have a RedirectToAction within a void function

Question

In my code, I am calling a function, which does some validation checks against the database and if they fail, it should send the user to the "Access Denied" page ... but doesn't seem to work.

Previously, the redirect would been with Server.Transfer or Response.Redirect, but not sure how you achieve the correct effect, with MVC.

Simplified, my code looks like this and any help would be appreciated

private void CheckSecruity()
{
    // secruity checks here
    if (failCheck)
        RedirectToAction("NoAccess", "MyController");

    // if code gets here, security was passed
}

public ActionResult MyPage()
{
     // Call Security Function
     CheckSecruity();

     /*
       Do normal code
     */

     // Display page
     return View();
}

When running the code drops into the CheckSecurity() function, but regardless of the code in there, it always shows MyPage

Answer 1

Many thanks to Stijn for that direction; have investigated that and it's perfect! I thought that I would share the outcome of what I have done, as it varies slightly from using the MVC Role...

[MyNewSecurity]
public ActionResult MyPage()
{
    return View();
}

I added the FILTERS folder and a new (SecurityAttribute.cs) class in that folder, which contains the following code (apologies, I have to cut some out).

public class MyNewSecurityAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // I may not need this; as I could still use the original [Authorize] on MyPage()
        if (!httpContext.Request.IsAuthenticated)
            return false;

        // Area/Controller/Action
        // Controller/Action
        // Controller [default for index]

        var path = httpContext.Request.CurrentExecutionFilePath
        var structure = path.Split(new[] {"/"}, StringSplitOptions.RemoveEmptyEntries);

        var sAreaName = "";
        var sControllerName = "";
        var sActionsName = "";

        switch (structure.Length)
        {
            case 1:
                sController = structure[0];
                sActions = "Index";
                break;

            case 2:
                sController = structure[0];
                sActions = structure[1];
                break;

            case 3:
                sArea = structure[0];
                sController = structure[1];
                sActions = structure[2];
                break;

            default:
                return false;
        }

        var menuKey = string.Format("menu_{0}_{1}_{2}", sArea, sController, sActions);

        // Roles for the menu are named to the above format
        return httpContext.User.IsInRole(menuStructure);
    }
}

I have no doubt that the code can be improved, which is what I will continue to work on, but this is certainly a starter.

Answer 2

Your RedirectToAction returns a RedirectToRouteResult, so you should do something like:

 public ActionResult MyPage()
 {
      // security
      if (failCheck)
         return RedirectToAction("NoAccess", "MyController");

      /*
        Do normal code
      */

      // Display page
      return View();
 }