A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
AI OnAI Off
Custom AuthorizeAttribute etc
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
Hi,
I'm trying to understand how EPiServer 7 Access Rights works with MVC and normal authorization attributes on actions/controllers.
The problem is simple: I have created a page and restricted it to authenticated users (via Edit Mode). Now, I have a partially rendered grid on this page. The grid is updated (e.g. paging, sorting) by calling (via ajax) an action that returns a partial view. This works as intended.
But when I open up another browser window and log out from the website, then go back to the first browser window and perform e.g. a sorting operation on the grid, I get redirected to the login page which is now rendered within the target div I set aside for the partial view. I thought I solved this with a custom authorize attribute that handles ajax requests as described here: http://stackoverflow.com/a/8305991. But in my case, in EPiServer 7, I noticed that my custom AuthorizeAjaxAttribute is never invoked. It seems that EPiServer takes care of all that behind the scenes.
Any ideas how to solve this?