Having different login pages for different ASP.NET MVC 3 areas

By Posted on

Problem :

Can I have different login URL for different ASP .NET MVC3 areas?

e.g. I would like to have different login page for Administrator and Data entry operators.

I see a web.config in each area’s view portion and I have tried doing:

<authentication mode="Forms">
    <forms loginUrl="~/Administration/Account/LogOn" timeout="2880" />
</authentication>

but it does not play well.

Cheers.

Solution :

I’m not aware of .NET handling this for you but you could create a custom AuthorizationAttribute

public class CustomAuthorization : AuthorizeAttribute {

  public string Url { get; set; }

  public override void OnAuthorization(AuthorizationContext filterContext) {

    if (!filterContext.HttpContext.User.Identity.IsAuthenticated) {
      filterContext.HttpContext.Response.Redirect(Url);
    }
    base.OnAuthorization(filterContext);

  }

}

An add that to your controllers/actions

[CustomAuthorization(Url="/Area/Login")]
public class HomeController {
  //...
}

My solution was based on the solution presented by David Glenn, thanks.

public class CustomAuthorization : AuthorizeAttribute
{
    public string Url { get; set; }

    // redirect to login page with the original url as parameter.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new RedirectResult(Url + "?returnUrl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
    }
}

And add the Attribute to your controllers/actions

[CustomAuthorization(Url="/Area/Login")]
public class HomeController {
  //...
}

Is better use filterContext.Result than filterContext.HttpContext.Response.Redirect(Url) to redirect because the current filter will redirect immediately to the login page otherwise the original action will be called and only then redirected to login page.

Leave a Reply

Your email address will not be published. Required fields are marked *