Handling 401 Unauthorised Responses

4 posts, 0 answers
  1. Nick
    86 posts
    Member since:
    Mar 2008

    Posted 27 Feb 2013

    I'm using the grid to fetch data from an ASP.NET MVC intranet application which has Authorize attributes on the create/edit/delete actions. The application uses Windows authentication.

    Rather than let the browser prompt the user for new credentials, I want to display a dialog or similar to inform the user politely they do not have the correct authorisation to perform that action.

    Is there a way to configure the grid to handle 401 (or 403 if it is more suitable) in such a way?

    Also, as a side note, my grid is in batch edit mode by default. Is there a way to put the grid into readonly if the user does not have permission for editing? Or do I need to define the grid twice and show a different partial view based on roles?

    Thanks,
    Nick

  2. Daniel
    Admin
    2117 posts

    Posted 01 Mar 2013

    Hello Nick,

    You could use the dataSource error event to check the error status and display a Window. The grid does not support disabling editing dynamically on the client. You could either recreate the Grid with editing disabled:

        .Editable(e => e.Mode(GridEditMode.InCell).Enabled(isAuthorized))

    or hide the buttons and stop the events:

        // dataSource error event handler
        function error(e) {
            if (e.errors) {
                // ....
            }
            else if (e.xhr.status == 401) {
                // show message
                var grid = $("#grid").data("kendoGrid");
                // stop click events on rows from propagating further
                grid.table.on("click", "tbody > tr", function (e) {
                    e.stopPropagation();
                });
                // hide the toolbar
                grid.element.find("> .k-grid-toolbar").hide();
            }
        }

    Regards,
    Daniel
    the Telerik team
  4. Nick
    86 posts
    Member since:
    Mar 2008

    Posted 01 Mar 2013

    Thanks for the reply Daniel.

    Issue 1 - 401 Errors
    I have modified my error handler to catch 401 and display a message, all good. But the handler does not fire until the user dismisses the browser's prompts to re-authenticate. Is there any way to prevent this?

    Issue 2 - Readonly/Edit by Role
    I have modified my .Editable option as follows:

        .Editable(e => e.Mode(GridEditMode.InCell).Enabled(User.IsInRole("EditMonitor")))

    Which does indeed write the grid in readonly when the user doesn't have the role :D

    Unfortunately it doesn't hide the toolbar.  Clicking on the Add New Item button now causes an error.

    I couldn't find a similar method on the toolbar settings anywhere, have I missed something?

    Thanks,
    Nick




  5. Daniel
    Admin
    2117 posts

    Posted 05 Mar 2013

    Hello Nick,

    I do not think that there is a way to prevent the default behavior without a custom attribute. I can suggest creating one and replacing the result with a custom error:

        using System.Web.Mvc;

        public class CustomAuthorizeAttribute : AuthorizeAttribute
        {
            public override void OnAuthorization(AuthorizationContext filterContext)
            {
                // run the standard [Authorize] check first
                base.OnAuthorization(filterContext);
                // for AJAX requests, replace the 401 result with a JSON error payload
                if (filterContext.Result is HttpUnauthorizedResult && filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    filterContext.Result = new JsonResult()
                    {
                        Data = new { Errors = new { unauthorized = "message" } }
                    };
                }
            }
        }

        // dataSource error event handler
        function error(e) {
            if (e.errors && e.errors.unauthorized) {
                // ...
            }
        }

    Regarding your question about the ToolBar, there is no Enabled method, but if no commands or template are added then it will not be used:

        .ToolBar(toolbar =>
            {
                if (User.IsInRole("EditMonitor"))
                {
                    toolbar.Save();
                }
            })


    Regards,
    Daniel
    the Telerik team
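
A variant of the custom attribute from this thread, as an added example that is not part of the original posts or Telerik's code: it overrides HandleUnauthorizedRequest so that an AJAX request from an already authenticated user gets HTTP 403 with the same JSON payload, rather than the 401 challenge that makes the browser prompt for credentials. The class name AjaxAwareAuthorizeAttribute and the message text are assumptions.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical class name; not part of ASP.NET MVC or Kendo UI.
public class AjaxAwareAuthorizeAttribute : AuthorizeAttribute
{
    // AuthorizeAttribute calls this only after its own user/role check has failed.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var http = filterContext.HttpContext;
        bool signedIn = http.User != null && http.User.Identity.IsAuthenticated;

        // Known user without the required role, calling from script:
        // answer 403 (no credential prompt) and keep the failure visible
        // in server logs as a non-2xx response.
        if (signedIn && http.Request.IsAjaxRequest())
        {
            http.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            // Stop IIS from swapping the JSON body for its own error page.
            http.Response.TrySkipIisCustomErrors = true;
            filterContext.Result = new JsonResult
            {
                // Same payload shape as the attribute posted in the thread.
                Data = new { Errors = new { unauthorized = "You do not have permission to perform this action." } },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
            return;
        }

        // Anonymous callers and normal page requests keep the default 401 result.
        base.HandleUnauthorizedRequest(filterContext);
    }
}
```

On the client, the dataSource error handler can then test `e.xhr.status == 403` in the same way the thread tests for 401. The `.Editable(...)` and `.ToolBar(...)` role checks only change what is rendered, so the authorization attribute has to stay on the create/edit/delete actions.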