问题描述

在Startup.ConfigureServices()中，我这样配置授权过滤器:

In Startup.ConfigureServices() I configure authorization filter like this:

services.AddMvc(options =>
{
    options.Filters.Add(new AuthorizeFilter(myAuthorizationPolicy));
})

并且我使用基于配置的cookie身份验证或AAD身份验证:

and I use either cookie authentication or AAD authentication based on config:

if (useCookieAuth)
{
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie();
}
else
{
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
       .AddAzureAD(options => Configuration.Bind("Authentication:AzureAd", options));
}

现在，当我访问页面并且myAuthorizationPolicy失败时，我被重定向到"Account/AccessDenied?ReturnUrl =％2F"，但是我想返回403.

Now, when I visit a page and myAuthorizationPolicy fails, I'm redirected to "Account/AccessDenied?ReturnUrl=%2F", but I want to return 403 instead.

推荐答案

似乎您必须重写OnRedirectToAccessDenied

It seems that you have to override the OnRedirectToAccessDenied

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options => {
        options.Events.OnRedirectToAccessDenied = context => {
             context.Response.StatusCode = 403;
             return Task.CompletedTask;
        };
    });

这篇关于AuthorizeFilter失败时如何返回403而不是重定向到拒绝访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！