0

I just learning ASP.NET MVC and newbie in it so I can't find the solution for some problem. Maybe somebody faced this problem and can give me advice? Thanks for all!

In my project, I use ASP.NET Identity for authorization. The only problem I faced is how to redirect the user to login page after session expires. If action from controller called not from AJAX it works well, but if action called from AJAX function it crashes. I search for the solution, but everything I found not working for me. Now my code looks like:

Startup.cs

public void Configuration(IAppBuilder app)
        {
            app.CreatePerOwinContext<ApplicationContext>(ApplicationContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Home/Login"),
                LogoutPath = new PathString("/Home/Login"),
                ExpireTimeSpan = TimeSpan.FromMinutes(1),
               
            });
        }

Web.config

<system.web>
    <authentication mode="Forms">
    <forms loginUrl="~/Home/Login"  timeout="1" />
    </authentication>
  </system.web>

Function from JS which calls action:

function click(d) {
                //Some logic
                    $.ajax({
                        url: '@Url.Action("GetDataForNode", "Home")',
                        type: 'POST',
                        dataType: 'json',
                        cahe: false,
                        data: { uid: d.id, index: index, nodesUid: nodesUid, request },
                        success: function (results) {
                            //Some logic
                        },
                        error: function (xhr) {
                            if (xhr.status === 401) {
                                window.location.href = xhr.Data.LogOnUrl;
                                return;
                            }
                        }
                    })
            }

And in controller I created:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
    public class MyAuthorizeAttribute : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                filterContext.HttpContext.Response.StatusCode = 401;
                filterContext.Result = new JsonResult
                {
                    Data = new
                    {
                        Error = "NotAuthorized",
                        LogOnUrl = FormsAuthentication.LoginUrl
                    },
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
                filterContext.HttpContext.Response.End();
                
            }
            else
            {
                base.HandleUnauthorizedRequest(filterContext);
            }
        }
    }

After executed I get this enter image description here

Jason Aller
  • 3,541
  • 28
  • 38
  • 38
Ihor Mykytiv
  • 99
  • 7
  • due to *401* status code looks like result is not returned, try using different status code – Ehsan Sajjad Mar 14 '18 at 12:26
  • `but if action called from AJAX function it crash` Define `crash`. – mjwills Mar 14 '18 at 12:29
  • @mjwills I mean result that I added in image. As expected when ajax method get error with 401 code it return to login page. But it not works. – Ihor Mykytiv Mar 14 '18 at 12:33
  • Please, Go through the below link you will get your answer https://stackoverflow.com/questions/7091498/with-asp-net-mvc-redirect-to-login-page-when-session-expires – krunal patel Mar 14 '18 at 12:39
  • @krunalpatel none of the answers in that question really deal with the ajax scenario, despite the mention of it in the question. – ADyson Mar 14 '18 at 14:00

1 Answers1

-1

Add a life cycle method Application_EndRequest handler to your code in global.asax.cs. Every request will end in this method, This method will allows you to redirect to appropriate action, when your request is unauthorized(401) just redirect to appropriate action.

   protected void Application_EndRequest()
        {                
            // redirected to the login page.
            var context = new HttpContextWrapper(Context);
            if (context.Request.IsAjaxRequest() && context.Response.StatusCode == 401)
            {
                new RedirectResult("~/Account/Login");
            }
        }
    }
Ravikumar
  • 211
  • 1
  • 10
  • sending a 302 and a redirect header doesn't really make sense in an ajax context...the ajax client does not automatically follow a redirect. Of course the ajax call could be programmed to look at the Location header and follow it, but if that's what you're advocating you should probably include that side of the code too, and an explanation of what's happening. – ADyson Mar 14 '18 at 13:57