locked
Authorize Filter - How does it work? RRS feed

Answers

  • User1779161005 posted

    The attribute is used by the plumbing in the controller base class that does the action method dispatching. It consults HttpContext.User for the current user. If the user is not authroized then it issues a 401 response code.

    The redirect is coming from elsewhere in the system -- this is done by the forms authentication plumbing. It sees the response is 401 and it converts it to a 302 to get the user to the login page.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, November 27, 2012 11:44 AM

All replies

  • User1779161005 posted

    The attribute is used by the plumbing in the controller base class that does the action method dispatching. It consults HttpContext.User for the current user. If the user is not authroized then it issues a 401 response code.

    The redirect is coming from elsewhere in the system -- this is done by the forms authentication plumbing. It sees the response is 401 and it converts it to a 302 to get the user to the login page.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, November 27, 2012 11:44 AM
  • User2074931137 posted

    Thank you for the answer.  My follow-up question is at http://forums.asp.net/p/1861772/5222629.aspx/1?p=True&t=634896151420468546

    (is that a chinese character appearing above your name?)

    Thanks again. 

    Tuesday, November 27, 2012 12:15 PM