asp.net mvc - throws HTTP Error 403.14 - Forbidden after create new record -
1- authorizeuserattribute.cs class costume authorize attribute
public class authorizeuserattribute : authorizeattribute { public string accesslevel { get; set; } protected override bool authorizecore(httpcontextbase httpcontext) { var isauthorized = base.authorizecore(httpcontext); if (!isauthorized) return false; if (this.accesslevel.contains("admin")) { return true; } else return false; } 2- controller
[authorizeuser(accesslevel = "admin")] public class productscontroller : controller { private databasecontext db = new databasecontext(); public actionresult index() { var product = db.product.include(p => p.productgroup); return view(product.tolist()); } } [authorizeuser(accesslevel = "admin")] public actionresult create([bind(include = "product_id,productname,description,picurl,group_id")] product product) { if (modelstate.isvalid) { db.product.add(product); db.savechanges(); return redirecttoaction("index"); } viewbag.group_id = new selectlist(db.productgroups, "group_id", "greoupname", product.group_id); return view(product); } 3-filterconfig.cs in start_up folder
public class filterconfig { public static void registerglobalfilters(globalfiltercollection filters) { filters.add(new handleerrorattribute()); filters.add(new authorizeattribute()); filters.add(new authorizeuserattribute()); } } 4-global.asax.cs
void application_start(object sender, eventargs e) { // code runs on application startup arearegistration.registerallareas(); globalconfiguration.configure(webapiconfig.register); routeconfig.registerroutes(routetable.routes); filterconfig.registerglobalfilters(globalfilters.filters); antiforgeryconfig.uniqueclaimtypeidentifier = claimtypes.nameidentifier; } 5- admin1controller.cs login , etc...
[httppost] public actionresult login(loginviewmodel model) { if (!modelstate.isvalid) //checks if input fields have correct format { return view(model); //returns view input values user doesn't have retype again } if(model.email == "info@psmgroups.com" & model.password == "@1234psm") { var identity = new claimsidentity(new[] { new claim(claimtypes.name,"admin" ), new claim(claimtypes.email, "info@psmgroups.com"), new claim(claimtypes.role,"admin") }, "applicationcookie"); var ctx = request.getowincontext(); var authmanager = ctx.authentication; authmanager.signin(identity); return redirect(getredirecturl(model.returnurl)); } modelstate.addmodelerror("", "incorrect username or pass"); return view(model); } private string getredirecturl(string returnurl) { if (string.isnullorempty(returnurl) || !url.islocalurl(returnurl)) { return url.action("index", "admin1"); } return returnurl; } after create new product , return products/ show http error 403.14 - forbidden page. while write product/index show correct page
try make public , see if error changes
Comments
Post a Comment