mvc3 action验证失败后的自定义处理

我们知道,要在一个action前加上权限的限制就要特性比如拥有admin权限的用户就加上

[Authorize(Roles="admin")]

给每个登陆用户分配权限则是要在Global.asax.cs中加上这两个函数

        public MvcApplication()
        {
            AuthorizeRequest += new EventHandler(MvcApplication_AuthorizeRequest);
        }

        void MvcApplication_AuthorizeRequest(object sender, EventArgs e)
        {
            IIdentity id = Context.User.Identity;
            if (id.IsAuthenticated)
            {
                var roles = new string[] { "admin", "reg" };
                //string[] rolelist = new string[] { roles.Name };
                Context.User = new GenericPrincipal(id, roles);
            }
        }

当权限验证失败时,mvc默认跳转到登陆页面,如果我们要改变这一设置就要重载Attribute 类:System.Web.Mvc.AuthorizeAttribute的HandleUnauthorizedRequest函数

比如发生错误的时候跳转到新浪首页:

    public class MyAuth : System.Web.Mvc.AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            //base.HandleUnauthorizedRequest(filterContext);
            filterContext.HttpContext.Response.Redirect("http://www.sina.com");
        }
    }

别忘了在action前面加上自己定义的权限特性:

[MyAuth(Roles = "admin")]