AJAX 與 [Authorize]

ASP.NET MVC 在 Controller 或 Action 上加上 [Authorize] 就可以驗證是否已經登入，如果沒有登入就會被帶往登入頁面

當使用ajax方式則會得到狀態為200的頁面(指定的頁面)，因此需要改寫可以回傳一個Json :

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            filterContext.Result = new JsonResult
            {
                Data = new 
                { 
                    // put whatever data you want which will be sent
                    // to the client
                    message = "sorry, but you were logged out" 
                },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

$.get('@Url.Action("SomeAction")', function (result) {
    if (result.message) {
        alert(result.message);
    } else {
        // do whatever you were doing before with the results
    }
});

如果是用 AngularJs，IsAjaxRequest 會一直判斷是 false，因為 AngularJs 的 ajax 呼叫沒有包含 X-Requested-With 表頭，而 ASP.NET MVC 是用這個表來判斷是否為一個 ajax 呼叫，所以必須改為：

var productsApp = angular.module('productsApp', []);

productsApp.config(['$httpProvider', function ($httpProvider) {

$httpProvider.defaults.headers.common["X-Requested-With"] = 'XMLHttpRequest'; 

}]);