Problem
I have created a view that posts to an action via Ajax with the expectation that the action will return the requested data or an empty string. Even better, I would like it to be configurable to return whatever value I see fit.
The problem arises when I decorate the called action with the [Authorize] attribute. If the request is not authorized and I have a loginUrl configured in my web.config, my ajax request will return the html output of my loginUrl view. That is undesirable.
Solution
I can extend the existing Authorize attribute by inheriting from the AuthorizeAttribute class. Here is the code that extends the Authorize attribute:
public class AjaxAuthorizeOverrideAttribute : AuthorizeAttribute
{
public string View { get; set; }
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.Request.IsAjaxRequest())
{
base.HandleUnauthorizedRequest(filterContext);
return;
}
filterContext.Result = new ViewResult { ViewName = View };
filterContext.Result.ExecuteResult(filterContext.Controller.ControllerContext);
}
}Here is the decorator for the ajax action in the controller class:
[AjaxAuthorizeOverride(View="AjaxAuthorizeError")]
public ActionResult AjaxRequest()
{
return View();
}Note: there is no default view page being rendered.
Original article can be found here
