c# - Redirect users with suspended accounts without creating redirect loop


I have a subscription-based MVC 2 application with the basic .NET Membership service in place (underneath some custom components to manage the account/subscription, etc). Users whose accounts have lapsed, or who have manually suspended their accounts, need to be able to get to a single view in the system that manages the status of their account. The controller driving that view is protected using the [Authorize] attribute.

I want to ensure that no other views in the system can be accessed until the user has re-activated their account. In my base controller (from which all my protected controllers derive) I tried modifying the OnActionExecuting method to intercept the action, check for a suspended account, and if it's suspended, redirect to the single view that manages the account status. But this puts me in an infinite loop. When the new action is hit, OnActionExecuting gets called again, and the cycle keeps going.

I don't want to extend the [Authorize] attribute, but can if need be.

Any other thoughts on how to do this at the controller level?

Edit: In the base controller, I was managing the redirect (that subsequently created the redirect loop) by modifying the filterContext.Result property, setting it to the RedirectToAction result of the view in question. I noticed that every time the loop occurs, filterContext.Result == null. Perhaps I should be checking against a different part of filterContext?

OK, here's my solution in case it helps anyone else. There's got to be a more elegant way to do this, and I'm all ears if anyone has a better idea.

In BaseController.cs:

    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        ViewData["currentuser"] = CurrentUser; // public property in BaseController

        if (CurrentUser != null && CurrentUser.Account.Status != AccountStatus.Active)
        {
            // If the account is disabled and the user is authenticated, we need to allow
            // them to reach the account settings screen so they can re-activate, and the
            // logoff action. Everything else should be disabled.
            string[] actionWhiteList = new string[] {
                Url.Action("edit", "accountsettings", new { id = CurrentUser.Account.Id, section = "billing" }),
                Url.Action("logoff", "account")
            };

            var allowAccess = false;
            foreach (string url in actionWhiteList)
            {
                // Compare each of the whitelisted paths to the raw URL from the request context.
                if (url == filterContext.HttpContext.Request.RawUrl)
                {
                    allowAccess = true;
                    break;
                }
            }

            if (!allowAccess)
            {
                // The redirect target is on the whitelist, so the follow-up request is
                // allowed through and the redirect loop is broken.
                filterContext.Result = RedirectToAction("edit", "accountsettings", new { id = CurrentUser.Account.Id, section = "billing" });
            }
        }

        base.OnActionExecuting(filterContext);
    }
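A variant of the same check, added here as an example and not part of the original post: it matches the allow list against the controller and action that MVC resolved for the request instead of comparing `RawUrl` strings, so an extra query-string parameter or different casing on the billing page does not change the outcome. The `AppUser` type name is a hypothetical stand-in; `CurrentUser`, `Account.Status`, `Account.Id` and `AccountStatus` are assumed to be the application's own members as used above.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Routing;

public abstract class BaseController : Controller
{
    // Assumption: AppUser is a placeholder name for the application's user type.
    public AppUser CurrentUser { get; set; }

    // "Controller.Action" pairs a suspended account may still reach.
    // Case-insensitive because MVC route matching ignores case.
    private static readonly HashSet<string> SuspendedAllowList =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "AccountSettings.Edit",
            "Account.LogOff"
        };

    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (CurrentUser != null && CurrentUser.Account.Status != AccountStatus.Active)
        {
            // Use the action MVC actually selected, not the raw request string.
            ActionDescriptor action = filterContext.ActionDescriptor;
            string key = action.ControllerDescriptor.ControllerName + "." + action.ActionName;

            if (!SuspendedAllowList.Contains(key))
            {
                // Setting Result short-circuits the action. The target is on the
                // allow list, so the follow-up request passes and no loop occurs.
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
                {
                    { "controller", "AccountSettings" },
                    { "action", "Edit" },
                    { "id", CurrentUser.Account.Id },
                    { "section", "billing" }
                });
            }
        }

        base.OnActionExecuting(filterContext);
    }
}
```

Because this allows the whole Edit action and not one exact URL, the action itself still has to verify that the requested `id` belongs to the signed-in user.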
