How do I show an authorization error message in an ASP.NET MVC 2 application?

3
votes

I'm using the Authorize attribute to filter controller actions based on user roles, but if an unauthorized action is attempted, the user is redirected back to the login page. As I user I would find this confusing and irritating.

How can I instead show an error message informing the user they need certain roles, and remain on the view where they attempted an action?

2
asp.netasp.net-mvcauthorization

2 Answers

2
votes

You will need to write a custom Authorize attribute which doesn't return a HttpUnauthorizedResult. Also remaining on the same view will be a difficult task as you might need to keep all the context after the request.

0
votes

The solution I found so far is you need to save a session for the current page in _ViewStart (maybe something else in MVC2), then use that in your custom authorization class to redirect to the page and show the message.