自定义授权属性仅触发一次

时间:2014-10-24 11:56:02

标签: asp.net authentication caching

我的问题是:登录网站后第一次访问页面时,我的属性工作正常;但第二次以另一个角色登录网站时,授权属性没有被触发。

 [AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public class AuthorizationAttribute : Attribute
{
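    /// <summary>
    /// Compares the current request's principal with <paramref name="allowedRoles"/> and
    /// redirects to the access-denied page when none of the roles match.
    /// </summary>
    /// <param name="allowedRoles">
    /// Role names allowed to use the decorated class. Each name is lower-cased before the
    /// role check. A null or empty list matches nothing, so the request is redirected.
    /// </param>
    /// <remarks>
    /// NOTE(review): the access check runs inside the attribute constructor. The CLR runs an
    /// attribute constructor only when the attribute object is materialised through
    /// reflection (for example GetCustomAttributes), not once per request. What instantiates
    /// this attribute is not visible here, so the check is not guaranteed to run for every
    /// request or every user. An access-control decision should be made in a per-request
    /// hook (for example the page's OnPreInit/OnInit, or the application's AuthorizeRequest
    /// event) that reads the roles stored by the attribute. The constructor should only
    /// record the roles.
    /// </remarks>
    public AuthorizationAttribute(params string[] allowedRoles)
    {
        var user = HttpContext.Current.User;

        // A null params array is treated like "no roles allowed" instead of failing with a
        // NullReferenceException; the request then falls through to the redirect (fail closed).
        var roles = allowedRoles ?? new string[0];

        // Lower-case with the invariant culture: culture-sensitive ToLower() can map the same
        // role name to different strings depending on the thread culture, which would make
        // the outcome of a role check depend on locale settings.
        if (roles.Any(role => user.IsInRole(role.ToLowerInvariant())))
        {
            return;
        }

        // Original intent (author's comment): "if user is admin and allowed role is admin".
        // NOTE(review): this branch fails open. "Admin" is inferred from the ABSENCE of roles,
        // so any principal for which Roles.GetRolesForUser() returns nothing is let through
        // whenever Admin is among the allowed roles. That may include accounts that were
        // never assigned a role, and possibly unauthenticated requests; confirm. Prefer an
        // explicit admin role or claim. Logic left unchanged because the correct admin
        // marker is not visible here.
        if (!Roles.GetRolesForUser().Any()
            && roles.Any(role => string.Equals(role, UserRoles.Admin, StringComparison.OrdinalIgnoreCase)))
        {
            return;
        }

        // Response.Redirect(string) also ends the response. Whether that stops the protected
        // page from executing depends on where in the request this constructor is invoked.
        HttpContext.Current.Response.Redirect("~/ErrorPages/AccessDenied.aspx");
    }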

在页面上这样使用:

 [Authorization(UserRoles.RegionManager)]

0 个答案:

没有答案