Iam using custom Authorize filter to on my action method to check if user has an access to it.
If user does not have an access then user is redirected to Unauthorize page.
The problem iam facing here is iam using Jquery Ajax request to call that action method. Everything works well if the user has an access. But if the user does not have an access the code is not able to bind the View("Unauthorize") and it display the existing view on the browsers screen;
Any suggestions would be helpful.
Thanks.
The thing is that ajax requests can not send a redirect response. You can instead either return a status code that tells the calling javascript to redirect or simply change the Response.ContentType to application/javascript and use window.location = "newUri" as the response body.
Related
Currently, I’m developing a web app with server-side rendering using the Gin framework and I’m having a problem with login intercepting. When an HTTP GET request hits an endpoint, middleware is used to check the browser cookie and redirect the traffic to the login page. This works fine and after successful login, the user is always redirected to the dashboard page. My question is how I should redirect the user back to the originally requested URI instead of the dashboard page?
Also, a bit more complex scenario is on HTTP POST. It looks like the HTTP POST method doesn’t work quite well with a redirect. Also, how would I resume the request with the same post request after the user successfully login?
Thanks for the help!
For the HTTP GET scenario, this one is easy, you need to remember the original URL somewhere. The are a few ways you could go about this:
Store the URL in session information(if any is available, you do need sessions for non-authenticated users)
Store it in a query string, for example, redirect to example.com/login?original=https%3A%2F%2Fexample.com%2Fanother-page. Your login page can look for the query parameter and include it in the login form or make sure that the action of the login form matches the given URI. On a successful login attempt you can get the original URL form the query param and set it as the Location.
Store the original URL in a cookie, upon successful login you can just check the cookie value and use that.
As for the HTTP POST scenario. If you just want to redirect the same POST request to a different URL you can use a 307 Temporary redirect. A 307 will preserve the request body and method and not turn it into a GET request like a 303 See Other or 302 Found.
Resuming the original POST after showing the login screen and after a successful login is a little more complex. When you redirect to the login page you interrupt the flow of the user, maybe it is better to let the user re-post their request after logging in, instead of doing it for them.
Having said that, it is technically possible. We require two steps, first is storing all the data to recreate the request. Then after login completion we can render a form with this saved data and use javascript to submit the form. By adding:
<script>document.getElementById("myForm").submit();</script>
After your form, the browser will submit the form after loading the javascript, thus recreating the original POST.
The storage part can be done via the server side session or a cookie.
When I perform a login via FosUserBundle on my Symfony3 project I want to return an Ajax response instead of the html of the3 lgoin form.
As fas I searched I found that there is a fos_user_security_check that uses the FOSUserBundle:Security:check that checks if the user is loged in or not but I could not find either the source code of controller that performs the login or any sort of custom trigger in order to do that.
I also looked into: http://symfony.com/doc/current/bundles/FOSUserBundle/index.html but I cannot find a clue.
The problem that you are facing is that Symfony's build-in authentication handler performs a redirect after a successful login or redirects back to the login form on failure. To handle AJAX logins you have to write your own authentication handler. This article explains it:
http://www.webtipblog.com/adding-an-ajax-login-form-to-a-symfony-project/
I am building an application and I want to do a validation in which when user tries to access a POST method he should be redirected to a new Page. For example when I Login, the username and password validations are done in the post method that has
#RequestMapping(value = "/firstPage.htm", method = RequestMethod.POST)
So what I want to do is if user saves this link xyz.../firstPage.htm after the application is closed by pasting it in browser url, he should not get 405 error instead he should be redirected to another page that says You are not Authenticated to view this page.
How do I do this?
Regards,
Zingo
You could add another method in your controller that handles the same URI, but with RequestMethod Get. It can simply shows a page with a login form asking the user to login.
This will also lead to a more standardized approach. Where a GET request to a URL shows the form, while POSTing credentials to the same URL logs you in.
Hope this helps.
Here I am make one application which is fully remote based.
only once all js and css loaded. So I want need solution for session expired.
Means when ajax request come to controller, it will be authenticated first, for session if session expired then I want to redirect to login page relogin.
[EDIT - #Brad]
Let's try and clarify your requirement..
1) make request to server via Ajax
2) server responds with HTTP 401, not authorized
3) Ajax recognises 401 status and redirects to Login page
4) login success,
5) then old request executed. means step 1 request executes.
6) but I want dont want to execute that step-1 request but want to execute home page everytime.
One approach is to have your Client side AJAX code check for a HTTP 401 response code which means that your users session has timeout and they are no longer logged in.
Using JQuery...
$.ajax({
type: "post", url: "/SomeController/SomeAction",
success: function (data, text) {
//...
},
error: function (request, status, error) {
// look for status of 401 and redirect to login
}
});
Of course you just have to make sure your web app is returning the appropriate status codes. I found this article on the subject to be thought provoking.
There is also some good information on a similar question
[EDIT]
OK, from your updated question at step 3) this is occuring over an ajax request and I am expecting that your user does not see a login page because your ajax handling code will receive the 401 response and you can decide not to display it. You can then redirect the users browser to your login URL of choice. In this case you would redirect to the home page, or configure your login page to accept an additional URL parameter to tell it where you want the user to be sent to once they have logged in.
You could use a filter interceptor before the request comes on to your action every time.
A better way to do this is by using the apache-shiro authentication plugin available for grails.
See this : Apache Shiro Integration for Grails
Install this in your application and configure it. Its simple and takes care of most of your authentication requirements.
I noticed if my session expired whilst on my site and then I clicked on an Ajax.ActionLink, the login page would be displayed in a PartialView. I've created an override of the OnActionExecuting method like so:
protected override void OnActionExecuting(ActionExecutingContext ctx)
{
if (!ctx.HttpContext.User.Identity.IsAuthenticated)
{
if (ctx.RequestContext.HttpContext.Request.IsAjaxRequest())
{
//ctx.RequestContext.HttpContext.Response.RedirectToRoute(new { controller = "Account", action = "LogOn" });
ctx.RequestContext.HttpContext.Response.Redirect(Url.RouteUrl(new { controller = "Account", action = "LogOn" }));
}
}
}
This checks if the User is Authenticated and then if the request is an AjaxRequest. It will then redirect the user to the LogOn method in my Account controller if they're no longer authenticated for an Ajax actionlink. The problem is I get "Failed to load resource" in the console.
This checks if the User is Authenticated and then if the request is an
AjaxRequest. It will then redirect the user to the LogOn method in my
Account controller if they're no longer authenticated for an Ajax
actionlink
Yes, but if you configured your Ajax.ActionLink or Ajax.BeginForm to update some DOM element with the results of the AJAX request using the AjaxOptions, it doesn't really matter if you are redirecting on the server. The AJAX request will simply follow the redirect and insert the resulting HTML you redirected to (/Account/LogOn) inside the DOM element.
So redirecting from an AJAX request won't solve your problem. As you know the whole point of an AJAX request is to stay on the same page (the address bar never changes).
If you wanted to handle the authentication cookie expired condition in a proper way within your AJAX requests you will have to perform the redirect on the client (using window.location.href). In order to achieve that you may take a look at the following blog post in which Phil Haack exposes a great technique allowing your server to send a 401 HTTP status code in this case instead of redirecting. Then on the client you could intercept this code (by subscribing to a global AJAX handler for example) and redirect to the logon page from the client.