Two action attributes on a Telerik grid action method

Time: 2013-03-31 12:13:32

Tags: asp.net-mvc-3 telerik-grid

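I am using MVC3 and the Telerik MVC extensions for my application.

I use the Authorized attribute on the ajax action method, which checks whether the user is authorized. This works fine. Now I want to check whether the session has expired, so I defined a new attribute for that. I use the following two attributes on the action method.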

[GridAction]
[SessionExpire]
[ISAuthorize("S")]
public ActionResult Select()
{
        return View(new GridModel(db_context.students));
}

Here is the code for the authorize attribute:

public class ISAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string[] _flag;
    private readonly AuthAccess authAcc = new AuthAccess(WebConfigurationManager.ConnectionStrings["AuthContext"].ConnectionString);

    public ISAuthorizeAttribute(params string[] flag)
    {
        _flag = flag;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return httpContext.User.Identity.IsAuthenticated && Authorization.AuthorizeUser(httpContext, _flag);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {

        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "action", "Unauthorized" }, 
                { "controller", "Account" }
                ,{ "errormessage", "Unauthorized access. You do not have the required permissions for this action." }
        });

    }
}

The session expire attribute is as follows:

public class SessionExpireAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting( ActionExecutingContext filterContext ) {
        //HttpContext ctx = HttpContext.Current;
        HttpContextBase ctx = filterContext.HttpContext;

        // check if session is supported
        if ( ctx.Session != null ) {

            // check if a new session id was generated
            if ( ctx.Session.IsNewSession ) {

                // If it says it is a new session, but an existing cookie exists, then it must
                // have timed out
                string sessionCookie = ctx.Request.Headers[ "Cookie" ];
                if ( ( null != sessionCookie ) && ( sessionCookie.IndexOf ( "ASP.NET_SessionId" ) >= 0 ) ) {
                    if (ctx.Request.IsAuthenticated)
                    {
                        FormsAuthentication.SignOut();
                    }
                    ctx.Response.Redirect( "~/Account/LogOn.cshtml" );
                }
            }
        }

        base.OnActionExecuting ( filterContext );
    }
}

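But the problem I am facing is that control always goes to the action where I handle authorization. So how can I solve this? Is it wrong to use two attributes like this?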
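
Added example, not part of the original post: in ASP.NET MVC, authorization filters such as `AuthorizeAttribute` run before any action filter, so a session check written as an `ActionFilterAttribute` is reached only after `ISAuthorize` has already run. One way to have the session check run first is to write it as an authorization filter and set `Order`; the class name `SessionExpireAuthorizeAttribute` and the `Account/LogOn` route are assumptions.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Routing;
using System.Web.Security;

// Added example (hypothetical class name): the session-expiry check written as an
// authorization filter, so it runs in the same pipeline stage as ISAuthorize.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class SessionExpireAuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var ctx = filterContext.HttpContext;

        // Session state unavailable, or the session is still alive: nothing to do,
        // the next authorization filter makes the decision.
        if (ctx.Session == null || !ctx.Session.IsNewSession)
            return;

        // A new session id was issued although the browser still sent the old
        // session cookie, so the previous session has timed out.
        string cookieHeader = ctx.Request.Headers["Cookie"];
        if (cookieHeader == null ||
            cookieHeader.IndexOf("ASP.NET_SessionId", StringComparison.Ordinal) < 0)
            return;

        if (ctx.Request.IsAuthenticated)
            FormsAuthentication.SignOut();

        // Setting Result short-circuits the pipeline: later authorization filters
        // and the action itself are skipped. Route values are assumptions.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Account" },
            { "action", "LogOn" }
        });
    }
}

// Usage on the page's action. Both filters are authorization filters, so Order
// decides which runs first; the lower value runs earlier:
//
//   [GridAction]
//   [SessionExpireAuthorize(Order = 1)]
//   [ISAuthorize("S", Order = 2)]
//   public ActionResult Select() { ... }
```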

0 answers:

No answers