Introduction
I was looking for a quick way to modify the logon view depending on if the user was doing a standard login or was being redirected to login as a result of not having the suitable roles.
The Controller
In the controller, the Action might have the following;
[Authorize(Roles = "Admin-Can-Create")]
public ActionResult Create()
{
return View();
}
If the current user is not authenticated or does not have the "Admin-Can-Create" role, then the page will be directed to the login view. Now, the user might wonder why they have been redirected to the login view if for example they are already logged in.
Not looking for anything fancy or complicated, just plain old keep it simple, just want to modify the text displayed.
The obvious thing that occurred to me was that when the user was redirected to the logon page due to a lack of suitable Role, the query string contains the ReturnUrl parameter, with the path to return to on completion of the authentication.
Excellent, I will just check for the appearance of this parameter and that will do.
The View
Adding a simple check in the Razor view and what I now have is:
@if (Url.RequestContext.HttpContext.Request.QueryString.AllKeys.Contains("ReturnUrl"))
{
<h2>Insufficient Permissions</h2>
<p style="color: Red">You may have arrived at this page
if you have tried to perform an action for which you do not have the
necessary permissions and require a higher level of access.</p>
}
else
{
<h2>Log On</h2>
<p>
Please enter your user name and password to logon.
</p>
}
What the code is doing is getting a string array of all the keys present in the query string and then checking for the existence of one named ReturnUrl.
This approach means the user does not get a warning if they have elected to select the Logon button and go to the logon page deliberately and will only see the modified view if they are being taken there due to for example lack of permissions.
This is simple and serves my needs for the quick check I needed.
History
Submit an article or tip
