diff --git a/src/Umbraco.Web/Editors/PreviewController.cs b/src/Umbraco.Web/Editors/PreviewController.cs
index 488272153a..08de0f83ba 100644
--- a/src/Umbraco.Web/Editors/PreviewController.cs
+++ b/src/Umbraco.Web/Editors/PreviewController.cs
@@ -8,11 +8,10 @@ using Umbraco.Web.Mvc;
namespace Umbraco.Web.Editors
{
- [UmbracoAuthorize]
[DisableBrowserCache]
public class PreviewController : Controller
{
-
+ [UmbracoAuthorize(redirectToUmbracoLogin: true)]
public ActionResult Index()
{
var model = new BackOfficePreview
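Review bot: Moving `[UmbracoAuthorize]` from the class down to `Index` makes authorization opt-in per action, so `Editors` and any action added to PreviewController later are reachable anonymously unless someone remembers to add the attribute. The deny-by-default shape can be kept by putting `[UmbracoAuthorize(redirectToUmbracoLogin: true)]` on the class and leaving `[AllowAnonymous]` on `Editors`, which the second hunk removes. That assumes the attribute still honours `[AllowAnonymous]` through the base `OnAuthorization`, which is not visible here. The class body continues outside the hunk, so it is worth checking whether other actions lose protection with this change.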
@@ -33,7 +32,6 @@ namespace Umbraco.Web.Editors
return View(GlobalSettings.Path.EnsureEndsWith('/') + "Views/Preview/" + "Index.cshtml", model);
}
- [AllowAnonymous]
public ActionResult Editors(string editor)
{
if (string.IsNullOrEmpty(editor)) throw new ArgumentNullException("editor");
diff --git a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
index c5ebf24626..fdcade45e2 100644
--- a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
@@ -4,6 +4,7 @@ using System.Web.Mvc;
using Umbraco.Core;
using Umbraco.Web.Security;
using umbraco.BasePages;
+using Umbraco.Core.Configuration;
namespace Umbraco.Web.Mvc
{
@@ -14,6 +15,7 @@ namespace Umbraco.Web.Mvc
{
private readonly ApplicationContext _applicationContext;
private readonly UmbracoContext _umbracoContext;
+ private readonly string _redirectUrl;
private ApplicationContext GetApplicationContext()
{
@@ -36,16 +38,40 @@ namespace Umbraco.Web.Mvc
_applicationContext = _umbracoContext.Application;
}
+ ///
+ /// Default constructor
+ ///
public UmbracoAuthorizeAttribute()
{
}
- ///
- /// Ensures that the user must be in the Administrator or the Install role
- ///
- ///
- ///
- protected override bool AuthorizeCore(HttpContextBase httpContext)
+ ///
+ /// Constructor specifying to redirect to the specified location if not authorized
+ ///
+ ///
+ public UmbracoAuthorizeAttribute(string redirectUrl)
+ {
+ _redirectUrl = redirectUrl ?? throw new ArgumentNullException(nameof(redirectUrl));
+ }
+
+ ///
+ /// Constructor specifying to redirect to the umbraco login page if not authorized
+ ///
+ ///
+ public UmbracoAuthorizeAttribute(bool redirectToUmbracoLogin)
+ {
+ if (redirectToUmbracoLogin)
+ {
+ _redirectUrl = GlobalSettings.Path.EnsureStartsWith("~");
+ }
+ }
+
+ ///
+ /// Ensures that the user must be in the Administrator or the Install role
+ ///
+ ///
+ ///
+ protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null) throw new ArgumentNullException("httpContext");
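Review bot: The new `UmbracoAuthorizeAttribute(string redirectUrl)` constructor rejects null but accepts an empty or whitespace value, which `HandleUnauthorizedRequest` then silently treats as "no redirect". It also accepts an absolute URL pointing at another host. Attribute arguments are compile-time constants, so this is not attacker-controlled today, but a guard such as `if (string.IsNullOrWhiteSpace(redirectUrl)) throw new ArgumentException("Value cannot be empty.", nameof(redirectUrl));` plus a doc remark that the value must be an application-relative path would keep the type safe if it is ever built from configuration. In the bool constructor, `GlobalSettings.Path.EnsureStartsWith("~")` is only correct if `GlobalSettings.Path` is application-relative; if it is already resolved against the application root (not visible here), the `~` prefix would apply the root twice under a virtual directory, so that is worth confirming. `AuthorizeCore`'s body continues outside the hunk.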
@@ -73,11 +99,20 @@ namespace Umbraco.Web.Mvc
///
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
- filterContext.Result = (ActionResult)new HttpUnauthorizedResult("You must login to view this resource.");
-
+ if (_redirectUrl.IsNullOrWhiteSpace())
+ {
+ filterContext.Result = (ActionResult)new HttpUnauthorizedResult("You must login to view this resource.");
+
+
+ }
+ else
+ {
+ filterContext.Result = new RedirectResult(_redirectUrl);
+ }
+
//DON'T do a FormsAuth redirect... argh!! thankfully we're running .Net 4.5 :)
filterContext.RequestContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true;
}
}
-}
\ No newline at end of file
+}
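Review bot: The doc comment on `HandleUnauthorizedRequest` is not updated for the new redirect branch, and nothing in the method says that an attribute constructed with a redirect target now answers with a redirect instead of a 401. Script or API callers hitting such an action would then follow the redirect to the login page rather than see an authentication failure. I would add `// Redirect only when a target was configured; otherwise keep the 401 so non-browser callers still see the failure.` above the `if`, and state the same in the summary. As a style point, the two blank lines left inside the first branch and the redundant `(ActionResult)` cast can go. The method's doc comment starts outside the hunk.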