"Authorize" attribute and 403 error page
- by zerkms
[Authorize] property is nice and handy MS invention, and I hope it can solve the issues I have now
To be more specific:
When current client isn't authenticated - [Authorize] redirects from secured action to logon page and after logon was successfull - brings user back, this is good.
But when current cilent already authenticated but not authorized to run specific action - all I need is to just display my general 403 page.
Is it possible without moving authorization logic within controller's body?
UPD:
The behavior I need in should be semantically equals to this sketch:
public ActionResult DoWork()
{
if (!NotAuthorized())
{
return RedirectToAction("403");
}
return View();
}
so - there should no any redirect and url should be stay the same, but contents of the page should be replaced with 403-page