我正在使用
Authorize[Roles = "Agent")]
哪个一直运行正常但是现在我要检查他们是否也在付费用户组中我认为我可以这样做:
Authorize[Roles = "Agent, Paid")]
然而,上述不起作用,似乎是检查我是否处于其中任何一个角色,而不是如果我在两者中。我该怎么办?
答案 0 :(得分:1)
您应该自定义Authorize Attribute
public class AuthorizeMultipleAttribute : AuthorizeAttribute
{
//Authorize multiple roles
public string MultipleRoles { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var isAuthorized = base.AuthorizeCore(httpContext);
if (!isAuthorized)
{
return false;
}
//Logic here
//Note: Make a split on MultipleRoles, by ','
//User is in both roles => return true, else return false
}
}
DEMO:
[AuthorizeMultiple(MultipleRoles ="Agent,Paid")]