Search code examples
asp.net-mvchttp-redirectaction-filtercustom-action-filter

ASP.NET MVC Custom Action Filter is not redirecting

I'm trying to redirect users that had a session expired to a login page, using an action filter like below:

public class SessaoFilterAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string controllerName = filterContext.Controller.GetType().Name;
            string actionName = filterContext.ActionDescriptor.ActionName;
            if (filterContext.HttpContext.Session != null)
            {
                if (filterContext.HttpContext.Session["Autenticado"] == null)
                {
                  if (!controllerName.Equals(typeof(LoginController).Name, StringComparison.InvariantCultureIgnoreCase)
                  || (!actionName.Equals("Login", StringComparison.InvariantCultureIgnoreCase) 
                  && !actionName.Equals("Autenticar", StringComparison.InvariantCultureIgnoreCase)))
                    {
                        filterContext.Result = 
                          new RedirectToRouteResult(
                             new RouteValueDictionary{
                                     { "controller", "Login" },
                                     { "action", "Login" }
                             });
                    }
                }
            }
            base.OnActionExecuting(filterContext);
        }
    }

When the base.OnActionExecuting(filterContext) is processed, the firefox browser receive just these answers and not redirect to a Login Page:

GET (address)/Login/OpenChangePassword?_=1399920034730 200 OK 140ms  jquery-1.7.1.js (line 8102) --> **The action that a Tried to call**

GET (address)/Scripts/jquery-1.7.1.js?_=1399920034951  200 OK 8ms        jquery-1.7.1.js (line 8102)

GET (address)/maskedinput-1.1.2.pack.js?_=1399920035043 200 OK 3ms  jquery-1.7.1.js (line 8102)

Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen. 0

Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen. 0

GET (address)/Scripts/jquery.dataTables.js?_=1399920035078 200 OK 7ms   jquery-1.7.1.js (line 8102) 

GET (address)/Scripts/select2.js?_=1399920035155 200 OK 14ms    jquery-1.7.1.js (line 8102)

GET (address)/Scripts/select2_locale_pt-BR.js?_=1399920035213 200 OK 2ms jquery-1.7.1.js (line 8102)

GET (link)/Scripts/jquery-ui-1.8.20.js?_=1399920035238 200 OK 6ms jquery-1.7.1.js (line 8102)

GET (address)/Scripts/jquery.unobtrusive-ajax.js?_=1399920035339 200 OK 4ms jquery-1.7.1.js (line 8102)

GET (address)/Scripts/jquery.validate.js?_=1399920035368 200 OK 4ms jquery-1.7.1.js (line 8102)

GET (link)/Scripts/jquery.validate.unobtrusive.js?_=1399920035399 200 OK 2ms

These .js files are the files that I rendered to the login page.

Somebody can help?

Tks

Solution

  • For this scenario I would recommend a Filter that derives from AuthorizeAttribute and then override the AuthorizeCore method. As far as I know these kind of Filters are executed before any other filters (includeding those derived from ActionFilterAttribute, like yours).

    I had a similar scenario like yours and deriving from AuthorizeAttribute did the job for me.