所以这是我的问题:我登录网站并第一次访问页面时,我的属性工作正常;但第二次以其他角色登录网站时,授权属性没有被触发。
[AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public class AuthorizationAttribute : Attribute
{
/// <summary>
/// Runs the role check directly in the attribute constructor: returns normally when the
/// current user is allowed, otherwise redirects the response to the access-denied page.
/// </summary>
/// <param name="allowedRoles">Role names that may access the decorated class; each is lower-cased before comparison.</param>
// NOTE(review): an attribute constructor executes only when the runtime materialises the
// attribute instance (for example through reflection such as GetCustomAttributes), not on
// every request to the decorated page. The check below is therefore not guaranteed to run
// per request and can be skipped silently on later visits. Safer design: keep the attribute
// as plain metadata holding the role list, and enforce it from code that runs on every
// request (e.g. a shared base page or an authorization module).
public AuthorizationAttribute(params string[] allowedRoles)
{
    var principal = HttpContext.Current.User;

    // Allow as soon as the current principal holds any of the permitted roles.
    bool holdsAllowedRole = allowedRoles.Any(role => principal.IsInRole(role.ToLower()));
    if (holdsAllowedRole)
    {
        return;
    }

    // A user with no roles at all is let through when Admin is among the permitted roles.
    // NOTE(review): this treats "no roles assigned" as administrator, so the branch fails
    // open for any account that has not been given a role — confirm this is intended and
    // consider an explicit Admin role instead.
    bool userHasNoRoles = !Roles.GetRolesForUser().Any();
    if (userHasNoRoles && allowedRoles.Select(role => role.ToLower()).Contains(UserRoles.Admin.ToLower()))
    {
        return;
    }

    // Everyone else is sent to the access-denied page.
    // NOTE(review): ToLower() above is culture-sensitive; role-name matching may differ
    // under some server cultures — verify against how roles are stored.
    HttpContext.Current.Response.Redirect("~/ErrorPages/AccessDenied.aspx");
}
并在页面上
[Authorization(UserRoles.RegionManager)]